From owner-freebsd-stable  Mon Jan 28 14:40: 6 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from relay3-gui.server.ntli.net (relay3-gui.server.ntli.net [194.168.4.200])
	by hub.freebsd.org (Postfix) with ESMTP id 31E2C37B400
	for <freebsd-stable@freebsd.org>; Mon, 28 Jan 2002 14:40:02 -0800 (PST)
Received: from pc4-card4-0-cust162.cdf.cable.ntl.com
	([80.4.14.162] helo=rhadamanth.private.submonkey.net ident=exim)
	by relay3-gui.server.ntli.net with esmtp (Exim 3.03 #2)
	id 16VKRC-0006F1-01; Mon, 28 Jan 2002 22:39:42 +0000
Received: from setantae by rhadamanth.private.submonkey.net with local (Exim 3.34 #1)
	id 16VKQh-0001ry-00; Mon, 28 Jan 2002 22:39:11 +0000
Date: Mon, 28 Jan 2002 22:39:11 +0000
From: Ceri <setantae@submonkey.net>
To: Nate Williams <nate@yogotech.com>
Cc: Richard Glidden <rglidden@zaphod.wox.org>,
	freebsd-stable@FreeBSD.ORG
Subject: Re: firewall config (CTFM)
Message-ID: <20020128223911.GA7080@rhadamanth>
Mail-Followup-To: Ceri <setantae@rhadamanth.FreeBSD.ORG>,
	Nate Williams <nate@yogotech.com>,
	Richard Glidden <rglidden@zaphod.wox.org>, freebsd-stable@FreeBSD.ORG
References: <15445.37204.693732.376471@caddis.yogotech.com> <20020128150458.E10891-100000@charon.acheron.localnet> <15445.46625.765383.179068@caddis.yogotech.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <15445.46625.765383.179068@caddis.yogotech.com>
User-Agent: Mutt/1.3.27i
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Mon, Jan 28, 2002 at 03:33:05PM -0500, Richard Glidden wrote:
> On Mon, 28 Jan 2002, Nate Williams wrote:
> 
> Ok, so if I don't load rules, I will lock myself out.  So
> firewall_enable="NO" + IPFIREWALL = instant lockout.  Seems pretty clear.
> What does rc.conf say?
> 
>   firewall_enable="NO"   # Set to YES to enable firewall functionality

I freely admit to not having read more than two messages on this thread,
but I'm happy I get the general idea.

Why not just change the comment to :

    firewall_enable="NO"   # Set to YES to load firewall rulesets.
			   # Setting this to NO will drop all packets if
			   # IPFIREWALL is enabled in your kernel.

Job done as I see it.

Ceri

-- 
keep a mild groove on



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message