From owner-freebsd-arch@FreeBSD.ORG  Fri Jul 18 10:07:31 2003
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6EE2537B401; Fri, 18 Jul 2003 10:07:31 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id AF46743F75; Fri, 18 Jul 2003 10:07:30 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (localhost [127.0.0.1])
	by fledge.watson.org (8.12.9/8.12.9) with ESMTP id h6IH75ai076759;
	Fri, 18 Jul 2003 13:07:05 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Received: from localhost (robert@localhost)h6IH741o076756;
	Fri, 18 Jul 2003 13:07:05 -0400 (EDT)
Date: Fri, 18 Jul 2003 13:07:04 -0400 (EDT)
From: Robert Watson <rwatson@freebsd.org>
X-Sender: robert@fledge.watson.org
To: Bosko Milekic <bmilekic@technokratis.com>
In-Reply-To: <20030718111410.GA28377@technokratis.com>
Message-ID: <Pine.NEB.3.96L.1030718130619.75563C-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: darrenr@freebsd.org
cc: John-Mark Gurney <gurney_j@efn.org>
cc: arch@freebsd.org
Subject: Re: Things to remove from /rescue
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussion related to FreeBSD architecture
	<freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jul 2003 17:07:31 -0000


On Fri, 18 Jul 2003, Bosko Milekic wrote:

> On Fri, Jul 18, 2003 at 07:44:38AM -0700, Wes Peters wrote:
> [...]
> > > I believe that sysctl only affects ipfw, so people using ipfilter might
> > > still need ipf if ipfilter defaults to block as well.
> > 
> > It would seem advisable to add such a sysctl for ipfilter.  Any 
> > objections, Darren?
> 
>   How about having both ipfw and ipfilter check the same sysctl 'allow
>   all by default' knob?  

Well, there are actually people who run with both, and you can probably
fairly easily imagine scenarios where you'd want them to be independent.
Also, you don't want management tools to be confused about which they're
twiddling.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories