On Thu, Sep 19, 2002 at 04:11:16PM +0200, Martin Husemann wrote:
> There was a time (a very long time ago) when upgrading the kernel would
> have broken existing setups if the default would have been "block all".
> IIRC ipf itself changed the default.

Doesn't that tend to happen now, every time ipf gets updated.
Or has someone managed to get the code to use ioctl requests
and versioning so that the new utils can load an old kernel?
(and coding for binary compatibility so that a new kernel
can be loaded with the old rules by the old utils.)

> There was a violent discusion and since then we always kept the "pass all"
> default.

I can imagine :-)

> Think of sites without any ipf rules (ipf is in GENERIC).

I was thinking that ipf could load a 'pass all' ruleset from
the rc script 'as shipped'.  But once configured that would
no longer happen.


	David

-- 
David Laight: david@l8s.co.uk