From owner-freebsd-stable  Mon Jan 28 12:17:42 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from wow.atlasta.net (wow.atlasta.net [128.241.97.71])
	by hub.freebsd.org (Postfix) with ESMTP id 7017937B416
	for <stable@FreeBSD.ORG>; Mon, 28 Jan 2002 12:17:35 -0800 (PST)
Received: from localhost (drais@localhost)
	by wow.atlasta.net (8.11.2/8.11.2) with ESMTP id g0SKHWJ29215;
	Mon, 28 Jan 2002 12:17:32 -0800 (PST)
Date: Mon, 28 Jan 2002 12:17:32 -0800 (PST)
From: David Raistrick <drais@wow.atlasta.net>
To: Nate Williams <nate@yogotech.com>
Cc: stable@FreeBSD.ORG
Subject: Re: Firewall config non-intuitiveness
In-Reply-To: <15445.44102.288461.155113@caddis.yogotech.com>
Message-ID: <Pine.BSF.4.21.0201281211070.22070-100000@wow.atlasta.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Mon, 28 Jan 2002, Nate Williams wrote:

> > Note that "do not enable firewall" (which is implied by firewall_enable="NO") 
> > is *not* equivalent to "disable firewall".
> 
> Maybe we're having an English language question.
> 
> If something isn't enabled, doesn't that imply that it's disabled?  Last
> I checked, enabled/disabled were binary operations.

It would so appear...but there is this alternative:

The firewall is already on.  If there is not an explicit disable, it is
still on.  firewall_enable="NO" wouldnt be a "disable" just a "do
nothing. if on, leave on, if off, leave off."


It IS confusing though.

Especially when man rc.conf says:

   firewall_enable (bool) Set to ``NO'' if you do not want have firewall
rules loaded at startup, or ``YES'' if you do.

that sort of implies that it would disable it...but only an
implication.  I guess that it leaves to the obvious that if it is enabled
through a method other then the rc.conf, it is up to the
user..er..admin...to know that.

anyway. i probably should have read how this all started...:p

...david

---
david raistrick (no longer deep in the south georgia woods)
drais@atlasta.net		http://www.expita.com/nomime.html



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message