[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: /usr/share/pf/ suggestion

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: /usr/share/pf/ suggestion
From: Uwe Dippel <udippel_(_at_)_uniten_(_dot_)_edu_(_dot_)_my>
Date: Wed, 24 Aug 2005 12:22:24 +0800
Organization: Uniten

On Tue, 23 Aug 2005 16:53:25 -0600, Theo de Raadt wrote:

> You're wrong.  Everyone -- run pf wherever you find it easier.

Followed this discussion with interest.
Doing the same thing (running pf) on my single-ended boxes; I actually
questioned myself why all of this is not part of the base install. Would
make my life easier; with pf turned on instead of me turning it on; and a
default pf.conf that opens 22 only and only in case I had decided to run
sshd during install. 
With the macros in PF it is much much easier to simply add service 
identifiers if I wanted more. And pfstat being in the base as well !
Would simplify my installs even more: vi /etc/pf.conf, add / remove
services there. Over. Browse newbox.mydomain.com/usage/pfstat.png (because
I'd add httpd-flags, and http in pf.conf), and I'd be knowing what is
going on two minutes after reboot. 
Plus, I'd feel even safer out of the box.

Uwe

Prev by Date: Re: 1U server recommendation
Next by Date: Re: Network "hang" on IBM x335
Previous by thread: Re: /usr/share/pf/ suggestion
Next by thread: Re: /usr/share/pf/ suggestion
Index(es):
- Date
- Thread

Visit your host, monkey.org