Date: Mon, 28 Jan 2002 15:01:28 -0600
From: "Jacques A. Vidrine" <n@nectar.cc>
To: freebsd-stable@FreeBSD.ORG
Subject: Re: firewall config (CTFM)
Message-ID: <20020128210128.GG42996@madman.nectar.cc>
In-Reply-To: <20020128134717.F66369@colnta.acns.ab.ca>
References: <B95B566BD245174196CA4EE29E5818831B6469@HEXCH01.robhughes.com> <20020128113806.O95859-100000@rockstar.stealthgeeks.net> <20020128132015.A66369@colnta.acns.ab.ca> <20020128203640.GB42996@madman.nectar.cc> <20020128134717.F66369@colnta.acns.ab.ca>

On Mon, Jan 28, 2002 at 01:47:17PM -0700, Chad David wrote:
> On Mon, Jan 28, 2002 at 02:36:40PM -0600, Jacques A. Vidrine wrote:
> > On Mon, Jan 28, 2002 at 01:20:15PM -0700, Chad David wrote:
> > > One of the things I would recommend documenting very clearly is that
> > > you DO NOT NEED TO COMPILE IPFW INTO THE KERNEL.
> >
> > Except if you want to default to deny, you must [1]. The rc system
> > loads the firewall after configuring your interfaces. This may be a
> > bug.
>
> Hmmm, possibly. But given that this is exactly the behavior that is
> being argued for I'm not sure I'd call it a bug.

I'm not sure you understood what I meant (I should have written
`firewall module' rather than `firewall' above). It could be called a
bug for network interfaces to be activated before the network security
policy has been set.

> If you want rc.conf
> to be able to disable or enable the actual firewall code then this is
> something that you have to live with, unless it defaults to deny and when
> == "NO" is found it disables it, but the if you for some reason make a
> mistake you are locked out (which I like), and that was at least one of
> the problems people have had with the current way things work.

I'm sorry, I don't follow you.

Cheers,
--
Jacques A. Vidrine <n@nectar.cc> http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message