Date: Fri, 18 Jul 2003 13:07:04 -0400 (EDT) From: Robert Watson <rwatson@freebsd.org> To: Bosko Milekic <bmilekic@technokratis.com> Cc: arch@freebsd.org Subject: Re: Things to remove from /rescue Message-ID: <Pine.NEB.3.96L.1030718130619.75563C-100000@fledge.watson.org> In-Reply-To: <20030718111410.GA28377@technokratis.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 18 Jul 2003, Bosko Milekic wrote: > On Fri, Jul 18, 2003 at 07:44:38AM -0700, Wes Peters wrote: > [...] > > > I believe that sysctl only affects ipfw, so people using ipfilter might > > > still need ipf if ipfilter defaults to block as well. > > > > It would seem advisable to add such a sysctl for ipfilter. Any > > objections, Darren? > > How about having both ipfw and ipfilter check the same sysctl 'allow > all by default' knob? Well, there are actually people who run with both, and you can probably fairly easily imagine scenarios where you'd want them to be independent. Also, you don't want management tools to be confused about which they're twiddling. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1030718130619.75563C-100000>