Date: Sat, 26 Jan 2002 23:40:25 -0700 From: Nate Williams <nate@yogotech.com> To: Bob K <melange@yip.org> Cc: Patrick Greenwell <patrick@stealthgeeks.net>, stable@FreeBSD.ORG Subject: Re: Firewall config non-intuitiveness Message-ID: <15443.41177.259786.242696@caddis.yogotech.com> In-Reply-To: <20020125203328.A454@yip.org> References: <000c01c1a5ff$a4539870$0101a8c0@cascade> <20020125165307.C54729-100000@rockstar.stealthgeeks.net> <20020125203328.A454@yip.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > You know, I continue to be amazed at the attitude that says that things > > should be kept counter-intuitive and anyone who doesn't like it that way > > is ignorant. What possible benefit is there in perpetuating mislabeled > > behavior? > > > > To me, it's very simple: there's this "firewall_enable" option in rc.conf, > > and I think that reasonable people would infer that if you set it to "no" > > it meant that you didn't want a firewall enabled(based on the name of the > > variable), yet that is not what happens. > > > > All the documentation reading in the world isn't going to make me think it's a > > good idea to have "no" mean "yes" and I certainly don't think it's useful or > > helpful to cast aspersions on individuals who want "no" to actually mean "no." > > The problem is that you're not taking into account the installed base of > users who twiddle this knob. How many angry firewall admins will come > into being when the behaviour suddenly stops being, "don't load any > firewall rules" and starts being, "disable the firewall"? I'm guessing the number of firewall admins who have 'firewall_enable=NO' in their configuration file is 0. No-one in their right mind has configured a firewall with no rules, and those that have are using the wide-open ruleset, which is the same as having no firewall. Methinks you're exaggerating the effects of changing the default just a tad bit. :) :) :) Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15443.41177.259786.242696>