From: Nate Williams
Date: Sat, 26 Jan 2002 23:40:25 -0700
To: Bob K
Cc: Patrick Greenwell , stable@FreeBSD.ORG
Subject: Re: Firewall config non-intuitiveness
Message-ID: <15443.41177.259786.242696@caddis.yogotech.com>

> > You know, I continue to be amazed at the attitude that says that things
> > should be kept counter-intuitive and anyone who doesn't like it that way
> > is ignorant. What possible benefit is there in perpetuating mislabeled
> > behavior?
> >
> > To me, it's very simple: there's this "firewall_enable" option in rc.conf,
> > and I think that reasonable people would infer that if you set it to "no"
> > it meant that you didn't want a firewall enabled (based on the name of the
> > variable), yet that is not what happens.
> >
> > All the documentation reading in the world isn't going to make me think it's a
> > good idea to have "no" mean "yes" and I certainly don't think it's useful or
> > helpful to cast aspersions on individuals who want "no" to actually mean "no."
>
> The problem is that you're not taking into account the installed base of
> users who twiddle this knob. How many angry firewall admins will come
> into being when the behaviour suddenly stops being, "don't load any
> firewall rules" and starts being, "disable the firewall"?

I'm guessing the number of firewall admins who have 'firewall_enable=NO'
in their configuration file is 0. No-one in their right mind has
configured a firewall with no rules, and those that have are using the
wide-open ruleset, which is the same as having no firewall.

Methinks you're exaggerating the effects of changing the default just a
tad bit. :) :) :)

Nate