From: Nate Williams
Date: Mon, 28 Jan 2002 13:20:40 -0700
To: "M. Warner Losh"
Cc: nate@yogotech.com, ertr1013@student.uu.se, cjm2@earthling.net, charon@seektruth.org, dsyphers@uchicago.edu, stable@FreeBSD.ORG
Subject: Re: Firewall config non-intuitiveness

> : If I enable the clutch in my car, my car moves (assuming it's in gear).
> : If I disable it, the power is no longer going to the drive wheels.
>
> That's not quite right, but it is a good analogy. If you disable your
> clutch, then you are going to have to shift without it and deal with
> putting it into gear at stops.

Unfortunately, you can't do it w/out a clutch. (At least, not without
tearing your clutch/transmission to bits).

> If you enable your clutch, then you
> can use it to help in shifting. This isn't quite the same as what you
> said, and an analogous condition exists with the firewall rules.

"help in shifting"? I'd call a clutch the most critical part of a
transmission. W/out a clutch, you don't have a transmission.

> Also, when you enable apm, you aren't enabling power management.

Sure you are.

> That's done in the BIOS. You are enabling the OS using the power
> management.

If you don't enable apm in the OS, power management won't be done. It
(the BIOS) sends the commands to the OS, which ignores them, and the
BIOS does nothing. (It means that you can't shut down the box
automatically when the power gets low, etc...)

> If you set apm_enable to NO, then the OS doesn't enable power
> management, but at the same time it doesn't go down to the BIOS to
> turn off the power management settings in the BIOS.

Because that wouldn't do much.

> The effects in this case are almost identical, but some BIOSes will
> still spin down the hard disk, etc even when APM isn't engaged.

Not w/out OS participation on any of the dozen or so laptops I've owned,
or any of the desktops.

> When you say sendmail_enable=no, it doesn't prevent another mailer
> from binding to port 25.

No, but it disables 'sendmail' from binding to port 25. Note the item
is 'sendmail_enable', not 'mail_enable'.

> It just fails to start sendmail, which is the default behavior for the
> system. If you have sendmail_enable=NO, it doesn't go through and
> delete the mail queue, or make it impossible to run sendmail from a
> cron job.

Who said anything about making anything impossible? Saying
'firewall_enable'=NO doesn't disable the system from using the firewall
in the future. It doesn't recompile the kernel and remove the FIREWALL
capability from the kernel, and/or delete ipfw.ko from the system.

Now you're being silly.

Nate