From: "Mike Meyer"
Date: Sun, 27 Jan 2002 13:37:36 -0600
To: charon@seektruth.org
Cc: stable@freebsd.org
Subject: Re: Firewall config non-intuitiveness
Message-ID: <15444.22272.911155.374282@guru.mired.org>
In-Reply-To: <200201271853.g0RIrVF03620@midway.uchicago.edu>

David Syphers types:
> The default rc.conf says next to firewall_enable "Set to YES to enable
> firewall functionality," which implies that NO disables firewall
> functionality.

It doesn't imply that to me. It implies that the system isn't going to do anything to enable the firewall, which in particular means that it's not going to do anything about anything I've done about firewalls - like setting up one with ipfilter instead of ipfw, or using one built from tcp_wrappers, or using one enabled in the kernel.

With your logic, setting syslogd_enable to "NO" would disable starting syslog-ng from /usr/local/etc/rc.d instead of just not starting the standard syslog. And so on through a long list of other things that are set to YES to enable a default version of something, and set to NO to not enable the default version.

http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.