Date: Sun, 27 Jan 2002 00:30:04 -0700
From: Nate Williams <nate@yogotech.com>
To: "M. Warner Losh" <imp@village.org>
Cc: nate@yogotech.com, stable@FreeBSD.ORG
Subject: Re: Firewall config non-intuitiveness
Message-ID: <15443.44156.595426.139371@caddis.yogotech.com>
In-Reply-To: <20020127.002337.37328950.imp@village.org>
References: <15443.41177.259786.242696@caddis.yogotech.com> <3C53A5A2.A5F8FBD6@tenebras.com> <15443.42601.781625.356369@caddis.yogotech.com> <20020127.002337.37328950.imp@village.org>
> You still haven't responded to my comment that I have it set up like
> this on some of my boxes so that I can do things that don't fit in
> well with the current firewall paradigm.  Nor to my comment that we
> shouldn't be changing a security feature in a fail*UN*safe way.

Explain to me how disabling the firewall with 'FIREWALL_ENABLE=NO' can be
unsafe?  Can you show me *ANY* system that uses a closed down firewall
that also has FIREWALL_ENABLE=NO?

That would be the only 'safe->unsafe' transition, since otherwise the
default firewall setup is wide-open.

> I'll grant that I might be in the minority here, but I sure don't want
> the ability to use my firewall going away after my "next"
> mergemaster change because you were helpful and unloaded/disabled
> stuff for me.

Fixing something that's broken is still fixing something.  If you don't
want a firewall, then why have it activated and enabled?  (This is a
rhetorical question.)

Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15443.44156.595426.139371>