From owner-freebsd-stable Mon Jan 28 22:17:33 2002 Delivered-To: freebsd-stable@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 9CC4737B404 for ; Mon, 28 Jan 2002 22:17:27 -0800 (PST) Received: (from dillon@localhost) by apollo.backplane.com (8.11.6/8.9.1) id g0T6HO036172; Mon, 28 Jan 2002 22:17:24 -0800 (PST) (envelope-from dillon) Date: Mon, 28 Jan 2002 22:17:24 -0800 (PST) From: Matthew Dillon Message-Id: <200201290617.g0T6HO036172@apollo.backplane.com> To: "Thomas T. Veldhouse" Cc: , "Nate Williams" , "Freebsd-Stable" Subject: Re: Proposed Solution To Recent "firewall_enable" Thread. [Please Read] References: <001e01c1a873$bdf12f10$0101a8c0@cascade> Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Lets not make things even more confusing then they already are. The answer to me is simple: If firewall_enable is "NO" and ipfw is active, /etc/rc* should simply add a rule to allow all traffic. Simple. Problem solved. -Matt :What would the expected functionality be for this? : :ipfw_enable=no :ipfw_firewall_enable=yes : :And what would the expected funcationality be for this? : :ipfw_enable=yes :ipfw_firewall_enable=no : :I would expect the former to not load the ipfw module, so what does the :firewall enable option do? : :I would expect the latter to load the ipfw module and the latter to not run :the firewall script. Seems to make sense, except what happens when you have :IPFIREWALL built into the kernel? : :Tom Veldhouse :veldy@veldy.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message