From owner-cvs-all Mon Jan 13 11: 5: 7 2003 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A9C0537B401; Mon, 13 Jan 2003 11:05:06 -0800 (PST) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 58AE843F5B; Mon, 13 Jan 2003 11:05:06 -0800 (PST) (envelope-from mux@freebsd.org) Received: by elvis.mu.org (Postfix, from userid 1920) id 24B1BAE28A; Mon, 13 Jan 2003 11:05:06 -0800 (PST) Date: Mon, 13 Jan 2003 11:05:06 -0800 From: Maxime Henrion To: Matthew Dillon Cc: Pawel Jakub Dawidek , Bruce Evans , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, luigi@FreeBSD.ORG Subject: Re: cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c Message-ID: <20030113190506.GF16775@elvis.mu.org> References: <20030113082610.GH9430@garage.freebsd.pl> <20030113222917.C12128-100000@gamplex.bde.org> <20030113140700.GP9430@garage.freebsd.pl> <200301131859.h0DIx2pa004540@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200301131859.h0DIx2pa004540@apollo.backplane.com> User-Agent: Mutt/1.4i Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Matthew Dillon wrote: > This seems like overkill to me. Why not simply implement > CTLFLAG_SECURE3 ? Also, the comment that Bruce quoted seems to > imply that MAC will eventually take over this functionality. I > suppose we could have a bandaid until then but if so I would > far prefer a CTLFLAG_SECURE3 bandaid then changing ip_fw_enable > into a SYSCTL_PROC. Implementing CTLFLAG_SECURE3 seems like the best thing to do to me as well, by far. Cheers, Maxime To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message