svn commit: r301226 - in head: etc etc/defaults etc/periodic/security etc/rc.d lib lib/libblacklist libexec libexec/blacklistd-helper share/mk tools/build/mk usr.sbin usr.sbin/blacklistctl usr.sbin...
Nathan Whitehorn
nwhitehorn at freebsd.org
Mon Jun 6 17:50:22 UTC 2016
On 06/06/16 10:25, Andrey Chernov wrote:
> On 06.06.2016 20:22, Ian Lepore wrote:
>> On Mon, 2016-06-06 at 20:06 +0300, Andrey Chernov wrote:
>>> As variant, I keep hope blacklist sh helper will teach about ipfw
>>> soon,
>>> it looks possible. Then it can be re-enabled by default.
>> No, it should still not be enabled by default. Maybe it should be
>> enabled in response to some question in the installer, or maybe even
>> better, enabled only if some firewall software that understands it is
>> also enabled. But afaik, all the available firewalls are disabled by
>> default in defaults/rc.conf, and this should be too.
> BTW, it is good idea: to check first, is supported firewall enabled, and
> only then enable blacklistd by default.
>
>
Like many others, I think it shouldn't be enabled by default ever, even
though it is a useful thing and a service that should be in the small
checklist in the installer. FreeBSD has *no* daemons enabled by default
except devd and a local sendmail and, since this particular feature is
one that many people don't want, this is the wrong time for an expansion
of that list.
(Thanks for adding this to the system, though, and thanks for changing
the setting!)
-Nathan
More information about the svn-src-head
mailing list