From: "M. Warner Losh"
To: nate@yogotech.com
Cc: ertr1013@student.uu.se, cjm2@earthling.net, charon@seektruth.org, dsyphers@uchicago.edu, stable@FreeBSD.ORG
Date: Mon, 28 Jan 2002 13:42:03 -0700 (MST)
Subject: Re: Firewall config non-intuitiveness
Message-Id: <20020128.134203.76273366.imp@village.org>

In message: <15445.45720.514136.887062@caddis.yogotech.com>
            Nate Williams writes:
: > : If I enable the clutch in my car, my car moves (assuming it's in gear).
: > : If I disable it, the power is no longer going to the drive wheels.
: >
: > That's not quite right, but it is a good analogy. If you disable your
: > clutch, then you are going to have to shift without it and deal with
: > putting it into gear at stops.
:
: Unfortunately, you can't do it w/out a clutch. (At least, not without
: tearing your clutch/transmission to bits).

Yes, you can.

: > If you enable your clutch, then you
: > can use it to help in shifting. This isn't quite the same as what you
: > said, and an analogous condition exists with the firewall rules.
:
: "help in shifting"? I'd call a clutch the most critical part of a
: transmission. W/out a clutch, you don't have a transmission.

I have seen people go years w/o a functioning clutch. Randy Seager,
an old boss, didn't have a clutch in his 1974 trans-am for the three
years I worked for him. He had to match the gear speeds exactly to
shift at stoplights, but was able to do it.

: > Also, when you enable apm, you aren't enabling power management.
:
: Sure you are.
:
: > That's done in the BIOS. You are enabling the OS using the power
: > management.
:
: If you don't enable apm in the OS, power management won't be done. It
: (the BIOS) sends the commands to the OS, which ignores them, and the
: BIOS does nothing.
:
: (It means that you can't shutdown the box automatically when the power
: gets low, etc...)

That's not correct. I have had machines that did spin down disks,
even when the OS didn't enable the APM/ACPI interface. I just tried
it on my inspiron 8000 from dell, and the disks did spin down. You
couldn't turn off the machine with apm not enabled, but not all power
management functions were disabled.

: > It just fails to start sendmail, which is the default behavior for the
: > system. If you have sendmail_enable=NO, it doesn't go through and
: > delete the mail queue, or make it impossible to run sendmail from a
: > cron job.
:
: Who said anything about making anything impossible? Saying
: 'firewall_enable'=NO doesn't disable the system from using the firewall
: in the future. It doesn't recompile the kernel and remove the FIREWALL
: capability from the kernel, and/or delete ipfw.ko from the system.
:
: Now you're being silly.

No. I'm being consistent.

Warner