Date: Mon, 28 Jan 2002 14:12:38 -0700
From: Chad David
To: "Jacques A. Vidrine"
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: firewall config (CTFM)
Message-ID: <20020128141238.H66369@colnta.acns.ab.ca>

On Mon, Jan 28, 2002 at 03:01:28PM -0600, Jacques A. Vidrine wrote:
> On Mon, Jan 28, 2002 at 01:47:17PM -0700, Chad David wrote:
> > On Mon, Jan 28, 2002 at 02:36:40PM -0600, Jacques A. Vidrine wrote:
> > > On Mon, Jan 28, 2002 at 01:20:15PM -0700, Chad David wrote:
> > > > One of the things I would recommend documenting very clearly is that
> > > > you DO NOT NEED TO COMPILE IPFW INTO THE KERNEL.
> > >
> > > Except if you want to default to deny, you must [1]. The rc system
> > > loads the firewall after configuring your interfaces. This may be a
> > > bug.
> >
> > Hmmm, possibly. But given that this is exactly the behavior that is
> > being argued for I'm not sure I'd call it a bug.
>
> I'm not sure you understood what I meant (I should have written
> `firewall module' rather than `firewall' above). It could be called a
> bug for network interfaces to be activated before the network security
> policy has been set.

Yes, I understood you... it was I who was unclear. Basically I was
agreeing with you :).

--
Chad David        davidc@acns.ab.ca
www.FreeBSD.org   davidc@freebsd.org
ACNS Inc.         Calgary, Alberta Canada
Fourthly, The constant breeders, beside the gain of eight shillings
sterling per annum by the sale of their children, will be rid of the
charge of maintaining them after the first year. - Jonathan Swift