From owner-freebsd-stable  Mon Jan 28 16: 7:27 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from rover.village.org (rover.bsdimp.com [204.144.255.66])
	by hub.freebsd.org (Postfix) with ESMTP id 27A7937B41B
	for <stable@FreeBSD.ORG>; Mon, 28 Jan 2002 16:07:21 -0800 (PST)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.11.3/8.11.3) with ESMTP id g0T07Ho20829;
	Mon, 28 Jan 2002 17:07:17 -0700 (MST)
	(envelope-from imp@village.org)
Received: from localhost (warner@rover2.village.org [10.0.0.1])
	by harmony.village.org (8.11.6/8.11.6) with ESMTP id g0T07Fx13809;
	Mon, 28 Jan 2002 17:07:15 -0700 (MST)
	(envelope-from imp@village.org)
Date: Mon, 28 Jan 2002 17:06:59 -0700 (MST)
Message-Id: <20020128.170659.97077059.imp@village.org>
To: nate@yogotech.com
Cc: cjm2@earthling.net, stable@FreeBSD.ORG, n@nectar.cc
Subject: Re: Proposed Solution To Recent "firewall_enable" Thread. [Please
 Read]
From: "M. Warner Losh" <imp@village.org>
In-Reply-To: <15445.54755.551301.284078@caddis.yogotech.com>
References: <15445.54136.731213.811969@caddis.yogotech.com>
	<20020128.154656.123855750.imp@village.org>
	<15445.54755.551301.284078@caddis.yogotech.com>
X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

In message: <15445.54755.551301.284078@caddis.yogotech.com>
            Nate Williams <nate@yogotech.com> writes:
: > : Yes, and I think having this is a good thing.  However, what are the
: > : default values for the variables?
: > 
: > In previous mail I suggested:
: > 
: > ipfw_enable=no
: > ipfw_firewall_enable=yes
: 
: Gotcha, I confused ipfw_enable with ipfw_firewall_enable.
: Unfortunately, it's not obvious which one the users should use to enable
: the functionality.
: 
: Now we have two variables that *appear* to be redundant....

That's as far as I'm willing to go.  The rest would be a documentation
issue.  It can be clearly stated how to disable things in the
documentation.

Of course, one could also argue that if you set firewall_enable to no
now that one could add
	net.inet.ip.fw.enable=0
to /etc/sysctl.conf.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message