Date: Mon, 28 Jan 2002 13:32:32 -0700
From: Chad David
To: Nate Williams
Cc: Erik Trulsson, C J Michaels, charon@seektruth.org, dsyphers@uchicago.edu, imp@village.org, stable@FreeBSD.ORG
Subject: Re: Firewall config non-intuitiveness
Message-ID: <20020128133232.C66369@colnta.acns.ab.ca>

On Mon, Jan 28, 2002 at 12:53:42PM -0700, Nate Williams wrote:
> > Note that "do not enable firewall" (which is implied by firewall_enable="NO")
> > is *not* equivalent to "disable firewall".
>
> Maybe we're having an English language question.
>
> If something isn't enabled, doesn't that imply that it's disabled? Last
> I checked, enabled/disabled were binary operations.
>
> If I enable the clutch in my car, my car moves (assuming it's in gear).
> If I disable it, the power is no longer going to the drive wheels.

True, but the real question is what does firewall_enable actually
enable and disable? In its current state it enables and disables the adding
of rules as defined by firewall_type (rc.conf(5)). The docs could be a little
better about what will happen if you set firewall_enable="NO", and have it
compiled into your kernel.

-- 
Chad David        davidc@acns.ab.ca
www.FreeBSD.org   davidc@freebsd.org
ACNS Inc.         Calgary, Alberta Canada

Fourthly, The constant breeders, beside the gain of eight shillings
sterling per annum by the sale of their children, will be rid of the
charge of maintaining them after the first year. - Johnathan Swift