On Sat, 22 Mar 2014 22:39:36 -0700, Julian Elischer wrote: > reposting with a useful subject line and more comments > > On 3/22/14, 10:33 PM, Julian Elischer wrote: > > > > in ipfw that's up to you.. > > but I usually put the check-state quite early in my rule sets. > > > On 3/22/14, 1:34 AM, Ian Smith wrote: > > Firstly, that's the one page in the handbook (that I know of) that needs > > completely nuking. It contains many factual errors as well as weird > > notions, and will only tend to mislead you; consult ipfw(8) and prosper. > > I'd say refer to the examples in rc.firewall but it too is in disrepair.
Firstly, I owe an apology to the doc crew, one of whom contacted me privately to point out that the ipfw page has had quite a massaging lately, and work is ongoing. I'm sorry for not checking again first. > I am working on a new rc.firewall that is much more efficient. > the trouble is that the script to make it do what I want is a bit more > complicated. > I'll put it out for discussion later. maybe tonight. Great. Maybe my failed rc.firewall patch from '11 can still be useful. > as for the handbook pages.. after we see how the new firewall rules work > we can see about rewriting the page. Yes, well it seems there's a newer framework worth hanging it on now. I guess we should drop freebsd-security@ until there's some news? cheers, Ian _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
