Subject: Re: ipfilter loading.
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Curt Sampson <cjs@portal.ca>
List: tech-kern
Date: 04/29/1997 08:16:00

On Mon, 28 Apr 1997, Jonathan Stone wrote:

> >        (2) The previous default rule when ipfilter was enabled was
> >            "all pass"
> 
> No, it wasn't, not in the versions I've been using.

It certainly was in a recent version of NetBSD. I know this because
due to a minor misconfiguration in my /etc/rc files on my router
box and a reboot, my home network had NFS and SMB left wide open
for a day or so.

Obviously, I'm quite well convinced that there must be some way to
configure ipfilter to a) block everything when no rules are loaded,
and b) be turned on by default when the system starts. I'm happy
with Jason's suggestion of having an option one can turn on in the
kernel config to do this.

cjs

Curt Sampson    cjs@portal.ca		Info at http://www.portal.ca/
Internet Portal Services, Inc.		`And malt does more than Milton can
Vancouver, BC   (604) 257-9400		 To justify God's ways to man.'