Date: Sun, 27 Jan 2002 13:37:36 -0600 From: "Mike Meyer" <mwm-dated-1012592257.1c6e60@mired.org> To: charon@seektruth.org Cc: stable@freebsd.org Subject: Re: Firewall config non-intuitiveness Message-ID: <15444.22272.911155.374282@guru.mired.org> In-Reply-To: <200201271853.g0RIrVF03620@midway.uchicago.edu> References: <3.0.5.32.20020127075816.01831ca0@mail.sage-american.com> <200201271757.g0RHvTF12944@midway.uchicago.edu> <20020127.110854.32932954.imp@village.org> <200201271853.g0RIrVF03620@midway.uchicago.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
David Syphers <dsyphers@uchicago.edu> types: > The default rc.conf says next to firewall_enable "Set to YES to enable > firewall functionality," which implies that NO disables firewall > functionality. It doesn't imply that to me. It implies that the system isn't going to do anything to enable the firewall, which in particular means that it's not going to do anything about anything I've done about firewalls - like setting up one with ipfilter instead of ipfw, or using one built from tcp_wrappers, or using one enabled in the kernel. With your logic, setting syslogd_enable to "NO" would disable starting syslog-ng from /usr/local/etc/rc.d instead of just not starting the standard syslog. And so on through a long list of other things that are set to YES to enable a default version of something, and set to NO to not enable the default version. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15444.22272.911155.374282>