From owner-freebsd-stable  Thu Jan 31  7:40:25 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from wasp.eng.ufl.edu (wasp.eng.ufl.edu [128.227.116.1])
	by hub.freebsd.org (Postfix) with ESMTP id 6103837B416
	for <stable@freebsd.org>; Thu, 31 Jan 2002 07:40:04 -0800 (PST)
Received: from eng.ufl.edu (scanner.engnet.ufl.edu [128.227.152.221])
	by wasp.eng.ufl.edu (8.9.3/8.9.3) with ESMTP id KAA01897;
	Thu, 31 Jan 2002 10:40:01 -0500 (EST)
Message-ID: <3C596550.BCC94C25@eng.ufl.edu>
Date: Thu, 31 Jan 2002 10:40:00 -0500
From: Bob Johnson <bob@eng.ufl.edu>
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en, eo
MIME-Version: 1.0
To: nate@yogotech.com
Cc: stable@freebsd.org
Subject: Re: Firewall config non-intuitiveness
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

> 
> Date: Mon, 28 Jan 2002 12:53:42 -0700
> From: Nate Williams <nate@yogotech.com>
> Subject: Re: Firewall config non-intuitiveness
> 
> > Note that "do not enable firewall" (which is implied by firewall_enable="NO") 
> > is *not* equivalent to "disable firewall".
> 
> Maybe we're having an English language question.
> 
> If something isn't enabled, doesn't that imply that it's disabled?  Last
> I checked, enabled/disabled were binary operations.
> 
> If I enable the clutch in my car, my car moves (assuming it's in gear).
> If I disable it, the power is no longer going to the drive wheels.
> 
> It's either enabled or disabled.  There is no 'in-between' state.
> (Well, unless you're riding the clutch, but that's not considered a
> valid state, since the behavior is undefined, as well as bad for your
> clutch. :)
> 

You sort of answered your own question.  Most supposedly binary 
choices aren't: there are other options that may not be recommended, 
or well defined, but they exist. 

More to the point, "Do not enable firewall" can be reasonably 
interpreted to mean "leave the firewall how you found it, instead 
of forcing it to be enabled".

Or to put it another way, "do not do it" does not mean "do the 
opposite",  E.g. "do not build a house" does not mean "tear down 
a house".  It means "leave things the way you found them".


> 
> Nate

- Bob

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message