Date: Sun, 27 Jan 2002 11:51:33 -0600 From: jacks@sage-american.com To: "M. Warner Losh" <imp@village.org> Cc: cjc@FreeBSD.ORG, nate@yogotech.com, stable@FreeBSD.ORG Subject: Re: Firewall config non-intuitiveness Message-ID: <3.0.5.32.20020127115133.01831ca0@mail.sage-american.com> In-Reply-To: <20020127.102748.70374201.imp@village.org> References: <3.0.5.32.20020127075816.01831ca0@mail.sage-american.com> <20020127014848.F23259@blossom.cjclark.org> <20020127.052626.107682843.imp@village.org> <3.0.5.32.20020127075816.01831ca0@mail.sage-american.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The reason I mentioned leaving the FW rule loading out of the boot process, I too have some things that at the moment cause problems loading some other things with the rules in there. So after enough of that, I now start the FW right after booting... of course hoping I don't forget to load the rules at the moment bootup finishes.... BUT, of course I don't boot very often and flush/reload the FW rules more often.... especially if I need to tweak a rule. At 10:27 AM 1.27.2002 -0700, M. Warner Losh wrote: >In message: <3.0.5.32.20020127075816.01831ca0@mail.sage-american.com> > jacks@sage-american.com writes: >: What would be wrong with booting without loading a FW script and then >: loading the rules after the boot is finished...??? > >Right now what I have works. You are changing the semantics of a >security related feature of the system in such a way that after this >change what I have will not work. I agree that your work around will >allow me to easily correct things. However, if I fail to do so, I >open my firewall up completely. To me, that's an unacceptible change >in the API. > >Warner > > Best regards, Jack L. Stone, Server Admin =================================================== Sage-American http://www.sage-american.com jacks@sage-american.com "My center is giving way, my right is in retreat; ....situation excellent! ....I shall attack!" =================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.5.32.20020127115133.01831ca0>