From: Nate Williams
Date: Mon, 28 Jan 2002 13:48:57 -0700
To: "M. Warner Losh"
Cc: nate@yogotech.com, ertr1013@student.uu.se, cjm2@earthling.net, charon@seektruth.org, dsyphers@uchicago.edu, stable@FreeBSD.ORG
Subject: Re: Firewall config non-intuitiveness

> : > : If I enable the clutch in my car, my car moves (assuming it's in gear).
> : > : If I disable it, the power is no longer going to the drive wheels.
> : >
> : > That's not quite right, but it is a good analogy. If you disable your
> : > clutch, then you are going to have to shift without it and deal with
> : > putting it into gear at stops.
> :
> : Unfortunately, you can't do it w/out a clutch. (At least, not without
> : tearing your clutch/transmission to bits).
>
> Yes, you can.

Not unless you understand how things work in the engine. (The average
car owner is not capable of shifting w/out a clutch, and even the most
savvy of car owners is unable to *NOT* use a clutch when
starting/stopping a car.)

So, following that analogy, if I can read/understand how a kernel works,
then I'm qualified to ignore the defaults, since I can make it do
*whatever* I want it to.

However, car manufacturers do not primarily build cars for those kinds
of people, but instead build it (as well as document it) for an
'average' driver.

> : > If you enable your clutch, then you
> : > can use it to help in shifting. This isn't quite the same as what you
> : > said, and an analogous condition exists with the firewall rules.
> :
> : "help in shifting"? I'd call a clutch the most critical part of a
> : transmission. W/out a clutch, you don't have a transmission.
>
> I have seen people go years w/o a functioning clutch. Randy Seager,
> an old boss, didn't have a clutch in his 1974 trans-am for the three
> years I worked for him. He had to match the gear speeds exactly to
> shift at stoplights, but was able to do it.

FWIW, he couldn't do that with a newer manual transmission. The
synchro-mesh wouldn't allow you to shift in/out of gear at a stop.
(And, I'm surprised it worked on his TA. My suspicion is that it was so
worn out that it only worked b/c of wear.)

> : > Also, when you enable apm, you aren't enabling power management.
> :
> : Sure you are.
> :
> : > That's done in the BIOS. You are enabling the OS using the power
> : > management.
> :
> : If you don't enable apm in the OS, power management won't be done. It
> : (the BIOS) sends the commands to the OS, which ignores them, and the
> : BIOS does nothing.
> :
> : (It means that you can't shutdown the box automatically when the power
> : gets low, etc...)
>
> That's not correct. I have had machines that did spin down disks,
> even when the OS didn't enable the APM/ACPI interface.

Again, that is completely different from my experience with the over a
dozen laptops I've had in 7+ years.

> : > It just fails to start sendmail, which is the default behavior for the
> : > system. If you have sendmail_enable=NO, it doesn't go through and
> : > delete the mail queue, or make it impossible to run sendmail from a
> : > cron job.
> :
> : Who said anything about making anything impossible? Saying
> : 'firewall_enable'=NO doesn't disable the system from using the firewall
> : in the future. It doesn't recompile the kernel and remove the FIREWALL
> : capability from the kernel, and/or delete ipfw.ko from the system.
> :
> : Now you're being silly.
>
> No. I'm being consistent.

I refuse to respond anymore when the discussion has sunk to this level.

Nate