From owner-freebsd-stable Sat Jan 26 23: 4:57 2002 Delivered-To: freebsd-stable@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 91C9637B42A for ; Sat, 26 Jan 2002 23:04:40 -0800 (PST) Received: from caddis.yogotech.com (caddis.yogotech.com [206.127.123.130]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id AAA06949; Sun, 27 Jan 2002 00:04:11 -0700 (MST) (envelope-from nate@yogotech.com) Received: (from nate@localhost) by caddis.yogotech.com (8.11.6/8.11.6) id g0R74As53785; Sun, 27 Jan 2002 00:04:10 -0700 (MST) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15443.42601.781625.356369@caddis.yogotech.com> Date: Sun, 27 Jan 2002 00:04:09 -0700 To: Michael Sierchio Cc: Nate Williams , Bob K , Patrick Greenwell , stable@FreeBSD.ORG Subject: Re: Firewall config non-intuitiveness In-Reply-To: <3C53A5A2.A5F8FBD6@tenebras.com> References: <000c01c1a5ff$a4539870$0101a8c0@cascade> <20020125165307.C54729-100000@rockstar.stealthgeeks.net> <20020125203328.A454@yip.org> <15443.41177.259786.242696@caddis.yogotech.com> <3C53A5A2.A5F8FBD6@tenebras.com> X-Mailer: VM 6.96 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > I'm guessing the number of firewall admins who have 'firewall_enable=NO' > > in their configuration file is 0. > > Well... I start it in my setup script that enables the 802.11 > interface, so I have it (and natd_enable) set to "NO" -- a > peculiar case, the exception which proves you right, etc. > I need both PCMCIA interfaces up before I start these, and > the standard rc scripts don't provide a good way of doing > this with more than one pccard interface (it's an old > laptop that serves as my SMTP and DNS host, it has a built-in > UPS aka a battery). Sure it does. Add '-z' to pccard_flags, and both cards will be setup and completely configured *before* the firewall needs to be enabled. (Been there, doing that right now on my laptop). > The PCCARD stuff is somewhat non-deterministic and asynchronous > in when the daemon actually gets the interfaces up, so... See above. It can easily be done in a more standard way. (One can argue that the '-z' should be the default flag, but so far I've failed to convince Warner of this fact. :) :) Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message