On 10/31/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote: > On Mon, 2005-10-31 at 16:20 -0500, Dan Swartzendruber wrote: > > A > > >Why not to set it to 1000Mbit ? Seriously If you're looking for > > >something fail safe it could be fails safe.
Just like your very well thought out default deny? I'll put that in btw, but it'll break your setup. The only good policy IMO for failsafe is to allow webGUI management on LAN interface from LAN subnet only, with EVERYTHING else blocked. I know for a fact it'll cause you a drive to the colo facility your box is in, but I'm still willing to put it in. As for the 1000Mbit, is your NIC capable of that? Mine sure aren't, the shaper will fail because of that too. Or are you proposing purchasing gigabit capable equipment for every user? EVERY NIC we support is capable of 10Mbit, it's a good default for when the shaper breaks stuff. > Well... In this case it happened on upgrade. I did set interface > bandwiths previously but they were lost. I fixed this for .90 that the wizard was breaking that caused your problem. It was a bug that had been reported for some time and I hadn't been able to find it until I was working on something else. > Also my idea (possibly very wrong) - it should be impossible to create > broken rules.debug file from web interface. If setting bandwith on > interface is required - it should be forced in initial setup wizard > etc. It should be, yes. We're working on that. It's the reason why we ask for rules.debug, it's also the reason we don't just wipe rules.debug after pfctl'ing it. > The thing is even such feature as traffic shaping breaks no rules are > loaded on reboot at all leaving you in interesting state. > > This is of course requirement for "stable" software which a lot of > newbies can easily use. I know it is alpha yet - but how you make > alpha stable not highlighting deficiencies ? We aren't stable, you are testing features that haven't been heavily tested. It shows. Instead of complaining about every bug you find, how about reporting them with EXACT details on how to replicate. Also, keeping related stuff in _one_ thread would be nice. --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
