From owner-cvs-all Sat Jan 11 19:31:12 2003 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6907737B401; Sat, 11 Jan 2003 19:31:11 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 29F9343F13; Sat, 11 Jan 2003 19:31:11 -0800 (PST) (envelope-from dillon@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h0C3VAfh040456; Sat, 11 Jan 2003 19:31:10 -0800 (PST) (envelope-from dillon@repoman.freebsd.org) Received: (from dillon@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h0C3VA2H040455; Sat, 11 Jan 2003 19:31:10 -0800 (PST) Message-Id: <200301120331.h0C3VA2H040455@repoman.freebsd.org> From: Matt Dillon Date: Sat, 11 Jan 2003 19:31:10 -0800 (PST) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG dillon 2003/01/11 19:31:10 PST Modified files: sbin/ipfw ipfw.8 ipfw2.c Log: It turns out that we do not need to add a new ioctl to unbreak a default-to-deny firewall. Simply turning off IPFW via a preexisting sysctl does the job. To make it more apparent (since nobody picked up on this in a week's worth of flames), the boolean sysctl's have been integrated into the /sbin/ipfw command set in an obvious and straightforward manner. For example, you can now do 'ipfw disable firewall' or 'ipfw enable firewall'. This is far easier to remember then the net.inet.ip.fw.enable sysctl. Reviewed by: imp MFC after: 3 days Revision Changes Path 1.119 +16 -0 src/sbin/ipfw/ipfw.8 1.21 +27 -0 src/sbin/ipfw/ipfw2.c To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message