Date: Mon, 28 Jan 2002 13:48:57 -0700 From: Nate Williams <nate@yogotech.com> To: "M. Warner Losh" <imp@village.org> Cc: nate@yogotech.com, ertr1013@student.uu.se, cjm2@earthling.net, charon@seektruth.org, dsyphers@uchicago.edu, stable@FreeBSD.ORG Subject: Re: Firewall config non-intuitiveness Message-ID: <15445.47417.195311.667565@caddis.yogotech.com> In-Reply-To: <20020128.134203.76273366.imp@village.org> References: <15445.44102.288461.155113@caddis.yogotech.com> <20020128.131414.49257581.imp@village.org> <15445.45720.514136.887062@caddis.yogotech.com> <20020128.134203.76273366.imp@village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> : > : If I enable the clutch in my car, my car moves (assuming it's in gear). > : > : If I disable it, the power is no longer going to the drive wheels. > : > > : > That's not quite right, but it is a good analogy. If you disable your > : > clutch, then you are going to have to shift without it and deal with > : > putting it into gear at stops. > : > : Unfortunately, you can't do it w/out a clutch. (At least, not without > : tearing your clutch/transmission to bits). > > Yes, you can. Not unless you understand how things work in the engine. (The average car owner is not capable of shifting w/out a clutch, and even the most savvy of car owners is unable to *NOT* use a clutch when starting/stopping a car.) So, following that analogy, if I can read/understand how a kernel works, then I'm qualified to ignore the defaults, since I can make it do *whatever* I want it to. However, car manufacturers do not primarily build cars for those kinds of people, but instead build it (as well as document it) for an 'average' driver. > : > If you enable your clutch, then you > : > can use it to help in shifting. This isn't quite the same as what you > : > said, and an analogous condition exists with the firewall rules. > : > : "help in shifting"? I'd call a clutch the most critical part of a > : transmission. W/out a clutch, you don't have a transmission. > > I have seen people goe years w/o a functioning clutch. Randy Seager, > an old boss, didn't have a clutch in his 1974 trans-am for the three > years I worked for him. He had to match the gear speeds exactly to > shift at stoplights, but was able to do it. FWIW, he couldn't do that with a newer manual transmission. The synchro-mesh wouldn't allow you to shift in/out of gear at a stop. (And, I'm suprised it worked on his TA. My suspicion is that it was so worn out that it only worked b/c of wear.) > : > Also, when you enable apm, you aren't enabling power management. > : > : Sure you are. > : > : > That's done in the BIOS. You are enabling the OS using the power > : > management. > : > : If you don't enable apm in the OS, power management won't be done. It > : (the BIOS) sends the commands to the OS, which ignores them, and the > : BIOS does nothing. > : > : (It means that you can't shutdown the box automatically when the power > : gets low, etc...) > > That's not correct. I have had machines that did spin down disks, > even when the OS didn't enable the APM/ACPI interface. Again, that is completely different from my experience with the over a dozen laptops I've had in 7+ years. > : > It just fails to start sendmail, which is the default behavior for the > : > system. If you have sendmail_enable=NO, it doesn't go through and > : > delete the mail queue, or make it impossible to run sendmail from a > : > cron job. > : > : Who said anything about making anything impossible? Saying > : 'firewall_enable'=NO doesn't disable the system from using the firewall > : in the future. It doesn't recompile the kernel and remove the FIREWALL > : capability from the kernel, and/or delete ipfw.ko from the system. > : > : Now you're being silly. > > No. I'm being consistant. I refuse to respond anymore when then discussion has sunk to this level. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15445.47417.195311.667565>