Change IPFW default to allow
Michael Sierchio
kudzu at tenebras.com
Sun Dec 9 18:30:03 UTC 2018
On Sun, Dec 9, 2018 at 10:17 AM JD <jd1008 at gmail.com> wrote:
> What a horrible (terribly insecure) suggestion for default operation of
> IPFW.
Default to accept merely means that the default rule - rule 65535 - permits
all traffic. It is useful when booting and getting all other services
operational. Loading a firewall ruleset changes that entirely. Imagine a
situation in which your cloud instance tries to get a DHCP address and
routing information, only to fail because no packets can go in or out.
You haven't done this before, have you?
--
"Well," Brahma said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."
- The Mahābhārata
More information about the freebsd-questions
mailing list