Date: Mon, 13 Jan 2003 10:18:56 -0700 (MST)
From: "M. Warner Losh"
To: nick@garage.freebsd.pl
Cc: dillon@FreeBSD.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c
Message-Id: <20030113.101856.56901754.imp@bsdimp.com>
In-Reply-To: <20030113075934.GE9430@garage.freebsd.pl>

In message: <20030113075934.GE9430@garage.freebsd.pl>
            Pawel Jakub Dawidek writes:
: On Sat, Jan 11, 2003 at 07:31:10PM -0800, Matt Dillon wrote:
: +> It turns out that we do not need to add a new ioctl to unbreak a
: +> default-to-deny firewall. Simply turning off IPFW via a preexisting
: +> sysctl does the job. To make it more apparent (since nobody picked up
: +> on this in a week's worth of flames), the boolean sysctl's have been
: +> integrated into the /sbin/ipfw command set in an obvious and straightforward
: +> manner. For example, you can now do 'ipfw disable firewall' or
: +> 'ipfw enable firewall'. This is far easier to remember than the
: +> net.inet.ip.fw.enable sysctl.
:
: And what when securelevel >= 3?

The new ioctl wouldn't work at that level anyway.

Warner