From owner-freebsd-stable Sun Jan 27 23: 3:29 2002 Delivered-To: freebsd-stable@freebsd.org Received: from smtpout.mac.com (smtpout.mac.com [204.179.120.89]) by hub.freebsd.org (Postfix) with ESMTP id 59C6937B416 for ; Sun, 27 Jan 2002 23:03:09 -0800 (PST) Received: from smtp-relay01.mac.com (server-source-si02 [10.13.10.6]) by smtpout.mac.com (8.12.1/8.10.2/1.0) with ESMTP id g0S738Gm002123 for ; Sun, 27 Jan 2002 23:03:09 -0800 (PST) Received: from asmtp02.mac.com ([10.13.10.66]) by smtp-relay01.mac.com (Netscape Messaging Server 4.15 relay01 Jun 21 2001 23:53:48) with ESMTP id GQMZL800.UH3 for ; Sun, 27 Jan 2002 23:03:08 -0800 Received: from quinn ([24.91.220.49]) by asmtp02.mac.com (Netscape Messaging Server 4.15 asmtp02 Jun 21 2001 23:53:48) with ESMTP id GQMZL700.ECP for ; Sun, 27 Jan 2002 23:03:07 -0800 Date: Mon, 28 Jan 2002 02:03:03 -0500 Mime-Version: 1.0 (Apple Message framework v480) Content-Type: text/plain; charset=US-ASCII; format=flowed Subject: re: firewall config (CTFM) From: Justin White To: freebsd-stable@FreeBSD.ORG Content-Transfer-Encoding: 7bit Message-Id: <12A141AE-13BD-11D6-876A-000393092F82@mac.com> X-Mailer: Apple Mail (2.480) Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG instead of changing the way the system works, let's change the documentation. new people _should_ be reading the docs, and for people that already know, well, their existing configuration won't need to change a bit. in RELENG_4 from 5 Nov, /etc/defaults/rc.conf reads: -snip- firewall_enable="NO" # Set to YES to enable firewall functionality firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall -snip- change the first line to read: firewall_enable="NO" # set to YES to enable running of the following firewall script since they _should_ have already read about default-deny in the kernel config, the rc.conf docs will remind them that the kernel's policy will stand without any rules being run. i'm not trying to be mean, but if you don't read the docs, you deserve the problems you get. but we need to have good docs to get people using the system without getting frustrated. i'm now going to scope out the documentation project on freebsd.org some more:-) -Justin White just6979@yahoo.com http://justinfinity.2y.net/ AIM:just6979 PS: for fun, here's a diff for the latest file in cvs as of right now :-P ---snip--- 52c52 < firewall_enable="NO" # Set to YES to enable firewall functionality --- > firewall_enable="NO" # Set to YES to run the following firewall script ---snip--- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message