On Tue, 15 Nov 2005 15:32:11 -0000 "mike scott" <[EMAIL PROTECTED]> wrote:
> And if, for any reason whatsoever, pfctl fails to run? The system
> remains wide open.

Because that happens a lot.... Oh come on now, this is a fringe case if there ever was one. What if your default block kernel has a bug that causes it to pass all under some obscure circumstance?

> It can't be rocket science to make the 'pass' a 'block' in which case
> everything is entirely watertight in the event of virtually /any/
> system fault bar kernel corruption. And it can't be too much harder to
> make this a compiled-in option, which would keep happy the paranoid,
> while allowing those who want remote log-in on failure to do so.

If you exit /etc/rc the way Daniel said there won't be any sshd running and thus no possibility for remote log-in. You'll be left with a box that does nothing but answer pings.

---
Lars Hansson