Date: Mon, 28 Jan 2002 14:52:03 -0600
From: "Jacques A. Vidrine" <n@nectar.cc>
To: C J Michaels <cjm2@earthling.net>
Cc: stable@freebsd.org, imp@village.org
Subject: Re: Proposed Solution To Recent "firewall_enable" Thread. [Please Read]
Message-ID: <20020128205203.GE42996@madman.nectar.cc>
In-Reply-To: <1913.216.153.202.59.1012249133.squirrel@www1.27in.tv>
References: <20020128192930.GA86720@student.uu.se> <1913.216.153.202.59.1012249133.squirrel@www1.27in.tv>

On Mon, Jan 28, 2002 at 03:18:53PM -0500, C J Michaels wrote:
> In light of all the recent ipfw hubbub, I think I have an equitable solution
> for all.  Most or all of these have been suggested by others, I am just
> trying to put them into one concise proposal.

Thanks for the effort, CJ.

> I am going to propose the following changes:
> 1.  We rename the option to something like "firewall_load_rules" or
>     "firewall_enable_rules", etc...  Someone else can come up with a
>     short yet more concise variable name.

I don't see any value in renaming the knob for -STABLE.  Renaming it
for -CURRENT might be useful.

> 2.  We grandfather in the old option of "firewall_enable" so existing
>     rc.conf(5)'s are not broken.

It is easier to ensure no breakage by not renaming it. :-)  Despite
the chatter here, the current name has apparently caused little
confusion in the over 2 years that it has been around.  That's not to
say that it shouldn't be better documented.

> 2b. At some point in the future, with much fanfare and documentation,
>     and probably messages to FreeBSD-Security-Advisories we phase out
>     the old option completely, so we don't keep a kludge in the
>     system.

Any requirement for fanfare and messages to security-notifications
should be a red flag that the change was too disruptive.

> 4.  Explicitly document the effect of both "YES" and "NO" in rc.conf(5).

By golly, I think you've got it. :-)

For the record, I have no objection to renaming the knob in -STABLE as
Security Officer.  I do not believe that renaming will endanger any
existing systems (/etc is untouched during upgrades unless the
administrator does an explicit merge).  However, as a committer and
even as Joe User, I think it is an inappropriate change for the
-STABLE branch.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>  http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se