From owner-freebsd-arch  Fri Jan 25  3:11: 8 2002
Delivered-To: freebsd-arch@freebsd.org
Received: from mta6.snfc21.pbi.net (mta6.snfc21.pbi.net [206.13.28.240])
	by hub.freebsd.org (Postfix) with ESMTP
	id EBACE37B400; Fri, 25 Jan 2002 03:11:05 -0800 (PST)
Received: from blackbox.pacbell.net ([64.166.84.36])
 by mta6.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May  7 2001))
 with ESMTP id <0GQH00GJ0R2GJZ@mta6.snfc21.pbi.net>; Fri,
 25 Jan 2002 03:11:05 -0800 (PST)
Received: (from mikem@localhost)	by blackbox.pacbell.net (8.11.6/8.11.6)
 id g0PBBTp18677; Fri, 25 Jan 2002 03:11:29 -0800 (PST envelope-from mikem)
Date: Fri, 25 Jan 2002 03:11:29 -0800
From: Mike Makonnen <mike_makonnen@yahoo.com>
Subject: Re: Changing rc.conf(5) firewall_enable
In-reply-to: <20020124222225.O87663@blossom.cjclark.org>
To: "Crist J. Clark" <cjc@freebsd.org>
Cc: arch@freebsd.org
Message-id: <200201251111.g0PBBTp18677@blackbox.pacbell.net>
MIME-version: 1.0
X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.10; i386--freebsd5.0)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
References: <20020124222225.O87663@blossom.cjclark.org>
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG

On Thu, 24 Jan 2002 22:22:25 -0800
"Crist J. Clark" <cjc@freebsd.org> wrote:

> ... I don't think there are
> an machines out there running with firewalling built into the kernel
> with 'firewall_enable="NO"' who will have their security affected by
> such a change.

This should probably be mentioned in UPDATING.  Although the current
behaviour sounds counter-intuitive, who knows how many people have been
relying on it (explicitly or without knowing it). I know when I first
started using it I had the firewall compiled into the kernel, and it was
only after I started using the loadable module that I realized I had to
explicitly override firewall_enable in my rc.conf.

cheers,
mike makonnen

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message