Date: Sun, 27 Jan 2002 00:04:09 -0700 From: Nate Williams <nate@yogotech.com> To: Michael Sierchio <kudzu@tenebras.com> Cc: Nate Williams <nate@yogotech.com>, Bob K <melange@yip.org>, Patrick Greenwell <patrick@stealthgeeks.net>, stable@FreeBSD.ORG Subject: Re: Firewall config non-intuitiveness Message-ID: <15443.42601.781625.356369@caddis.yogotech.com> In-Reply-To: <3C53A5A2.A5F8FBD6@tenebras.com> References: <000c01c1a5ff$a4539870$0101a8c0@cascade> <20020125165307.C54729-100000@rockstar.stealthgeeks.net> <20020125203328.A454@yip.org> <15443.41177.259786.242696@caddis.yogotech.com> <3C53A5A2.A5F8FBD6@tenebras.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > I'm guessing the number of firewall admins who have 'firewall_enable=NO' > > in their configuration file is 0. > > Well... I start it in my setup script that enables the 802.11 > interface, so I have it (and natd_enable) set to "NO" -- a > peculiar case, the exception which proves you right, etc. > I need both PCMCIA interfaces up before I start these, and > the standard rc scripts don't provide a good way of doing > this with more than one pccard interface (it's an old > laptop that serves as my SMTP and DNS host, it has a built-in > UPS aka a battery). Sure it does. Add '-z' to pccard_flags, and both cards will be setup and completely configured *before* the firewall needs to be enabled. (Been there, doing that right now on my laptop). > The PCCARD stuff is somewhat non-deterministic and asynchronous > in when the daemon actually gets the interfaces up, so... See above. It can easily be done in a more standard way. (One can argue that the '-z' should be the default flag, but so far I've failed to convince Warner of this fact. :) :) Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15443.42601.781625.356369>