From owner-freebsd-stable Sat Mar 25 20:34:47 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from polaris.shore.net (polaris.shore.net [207.244.124.105])
	by hub.freebsd.org (Postfix) with ESMTP id DBF0037B8ED
	for ; Sat, 25 Mar 2000 20:34:42 -0800 (PST)
	(envelope-from tjlegg@shore.net)
Received: from eskimos.the-eleven.com [207.244.92.51]
	by polaris.shore.net with esmtp (Exim) id 12Z4l6-0004f7-00;
	Sat, 25 Mar 2000 23:34:40 -0500
Mime-Version: 1.0
X-Sender: tjlegg@shell2.shore.net
Message-Id:
In-Reply-To: <38DD8E7B.CA0781BD@gorean.org>
References: <38DD87C8.8D8FC976@gorean.org> <38DD8E7B.CA0781BD@gorean.org>
Date: Sat, 25 Mar 2000 23:34:27 -0500
To: Doug Barton
From: Tom Legg
Subject: Re: Minor rc.network bug for 4.0 and ipfw
Cc: freebsd-stable@freebsd.org
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 8:13 PM -0800 3/25/2000, Doug Barton wrote:
>Tom Legg wrote:
>
>> In fact the current situation renders the rc.conf flag for
>> firewall_enable mute. You might as well eliminate the flag and have
>> /etc/rc.network check whether net.inet.ip.fw.enable=1 and go from
>> there.
>
>	I think you mean moot. :) In any case, the current set of options
>allows a user to specify the settings in rc.conf without compiling the
>ipfw stuff into the kernel.
>
>Doug

I'm SHIRLEY not arguing against allowing the rc scripts loading the kernel modules if firewall_enable="YES". All I'm saying is that an admin that is sophisticated enough to compile a custom kernel with IPFW is also sophisticated enough to change the rc flag to "YES" when they want the firewall enabled.

But I "pity the foo" that has to come and administer a system where firewall_enable="NO" in boot up does not mean net.inet.ip.fw.enable=0. When 0=1 even us poor luser FreeBSD admin wannabes get confused (how the h*ll can we blue screen for division by 0 if 0=1?)

--
-----
Tom Legg
tjlegg@shore.net
http://www.shore.net/~tjlegg/
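
The mismatch raised in this thread, where firewall_enable="NO" in rc.conf does not imply net.inet.ip.fw.enable=0, can be audited directly. The following is an added example, not part of the original message or of FreeBSD's rc scripts; the function names and the sample rc.conf content are constructed, and it assumes that only a case-insensitive YES means enabled.

```shell
#!/bin/sh
# Added example: compare the firewall intent stated in rc.conf with the
# kernel's ipfw state. Function names are hypothetical.

# Print YES, NO or UNSET for firewall_enable across rc.conf-style files.
# Files are read in order and the last assignment wins, as when sh sources them.
rc_firewall_enable() {
    val=UNSET
    for f in "$@"; do
        [ -r "$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                firewall_enable=*) ;;
                *) continue ;;
            esac
            v=${line#firewall_enable=}
            v=${v%%#*}                               # drop a trailing comment
            v=$(printf '%s' "$v" | tr -d "\"' \t")   # drop quotes and blanks
            case $v in
                [Yy][Ee][Ss]) val=YES ;;             # assumption: only YES enables
                *)            val=NO ;;
            esac
        done < "$f"
    done
    printf '%s\n' "$val"
}

# $1: YES/NO/UNSET from rc_firewall_enable.
# $2: value of net.inet.ip.fw.enable, or empty if the sysctl does not exist.
ipfw_state_check() {
    case "$1:$2" in
        YES:1|NO:0|NO:|UNSET:0|UNSET:) echo "consistent" ;;
        NO:1|UNSET:1) echo "mismatch: kernel is filtering but rc.conf says off" ;;
        YES:0|YES:)   echo "mismatch: rc.conf says on but kernel is not filtering" ;;
        *)            echo "unknown input" ;;
    esac
}

# Constructed sample: rc.conf disables the firewall, kernel reports enable=1.
sample=$(mktemp)
printf 'firewall_enable="NO"\nfirewall_type="open"\n' > "$sample"
ipfw_state_check "$(rc_firewall_enable "$sample")" 1
rm -f "$sample"

# On a live host (assumes the default rc.conf paths):
#   ipfw_state_check "$(rc_firewall_enable /etc/defaults/rc.conf /etc/rc.conf)" \
#       "$(sysctl -n net.inet.ip.fw.enable 2>/dev/null)"
```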