From owner-freebsd-stable  Sat Jan 26 23: 2:19 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from sapphire.tenebras.com (sapphire.tenebras.com [66.92.188.241])
	by hub.freebsd.org (Postfix) with ESMTP id 9A4AD37B41C
	for <stable@FreeBSD.ORG>; Sat, 26 Jan 2002 23:02:12 -0800 (PST)
Received: from tenebras.com (localhost [127.0.0.1])
	by sapphire.tenebras.com (8.11.6/8.11.6) with ESMTP id g0R70tN69858;
	Sat, 26 Jan 2002 23:00:55 -0800 (PST)
	(envelope-from kudzu@tenebras.com)
Message-ID: <3C53A5A2.A5F8FBD6@tenebras.com>
Date: Sat, 26 Jan 2002 23:00:50 -0800
From: Michael Sierchio <kudzu@tenebras.com>
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.2 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Nate Williams <nate@yogotech.com>
Cc: Bob K <melange@yip.org>,
	Patrick Greenwell <patrick@stealthgeeks.net>, stable@FreeBSD.ORG
Subject: Re: Firewall config non-intuitiveness
References: <000c01c1a5ff$a4539870$0101a8c0@cascade>
		<20020125165307.C54729-100000@rockstar.stealthgeeks.net>
		<20020125203328.A454@yip.org> <15443.41177.259786.242696@caddis.yogotech.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

Nate Williams wrote:

> I'm guessing the number of firewall admins who have 'firewall_enable=NO'
> in their configuration file is 0.

Well... I start it in my setup script that enables the 802.11
interface, so I have it (and natd_enable) set to "NO" -- a
peculiar case,  the exception which proves you right, etc.
I need both PCMCIA interfaces up before I start these, and
the standard rc scripts don't provide a good way of doing
this with more than one pccard interface (it's an old
laptop that serves as my SMTP and DNS host, it has a built-in
UPS aka a battery).

The PCCARD stuff is somewhat non-deterministic and asynchronous
in when the daemon actually gets the interfaces up, so...

Yes, yes -- experienced professionals rarely go naked in
say, Toronto, in January.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message