Subject: Re: CVS commit: src/sys/kern
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 09/11/2006 01:32:40

On Mon, Sep 11, 2006 at 02:21:47PM +0900, YAMAMOTO Takashi wrote:
> 
> - i don't think it's so relevant.
> - i don't think IPFILTER_DEFAULT_BLOCK option is a great idea.
> - iirc, ipfilter has a global knob to enable it.

How is this supposed to work?  The point of IPFILTER_DEFAULT_BLOCK is to
protect your system from, for example, inappropriate packet handling
or routing over autoconfigured network interfaces (or interfaces
configured by the kernel as part of the boot process) *before* any
user code runs.

What, exactly, is supposed to turn this knob?

Thor