From owner-freebsd-stable  Mon Jan 28 11:51:53 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from rockstar.stealthgeeks.net (h-66-134-120-173.LSANCA54.covad.net [66.134.120.173])
	by hub.freebsd.org (Postfix) with SMTP id 5D60537B400
	for <freebsd-stable@FreeBSD.ORG>; Mon, 28 Jan 2002 11:51:50 -0800 (PST)
Received: (qmail 96116 invoked by uid 1001); 28 Jan 2002 19:51:49 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 28 Jan 2002 19:51:49 -0000
Date: Mon, 28 Jan 2002 11:51:49 -0800 (PST)
From: Patrick Greenwell <patrick@stealthgeeks.net>
To: "Robert D. Hughes" <rob@robhughes.com>
Cc: Nate Williams <nate@yogotech.com>,
	Justin White <justinfinity@mac.com>, <freebsd-stable@FreeBSD.ORG>
Subject: RE: firewall config (CTFM)
In-Reply-To: <B95B566BD245174196CA4EE29E5818831B6469@HEXCH01.robhughes.com>
Message-ID: <20020128113806.O95859-100000@rockstar.stealthgeeks.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Mon, 28 Jan 2002, Robert D. Hughes wrote:

> While this will probably get me flamed to no end, users not reading the
> docs and keeping up with advisories (sys admins are users too) is only
> the cause of little things like nimda, code red, and probably at least
> 90% of all the other problems people report with any system.

It's always amusing when "keyword commentators" chime in. You know the
type; a certain set of keywords trigger a post from these well-intentioned
folks that usually haven't bothered to read an entire thread.

I've said it repeatedly, but since you weren't paying attention, I'll say
it specifically for your benefit: there is no documentation on the
ineffectiveness of setting firewall_enable to no, anywhere. One is left to
their crystal ball and various and sundry scrying devices in order to
intuit that unlike setting firewall_enable to yes, setting firewall_enable
to no doesn't do anything and leaves you with a box that doesn't pass packets.

[insert obligatory follow-up argument from other parties that says that
people that are smart enough to compile a firewall into their kernel
aren't smart enough to enable it so it needs to be done for them
regardless.]

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
                               Patrick Greenwell
                     Stealthgeeks,LLC. Operations Consulting
                          http://www.stealthgeeks.net
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message