From owner-freebsd-stable  Mon Jan 28 22:49:15 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from zaphod.wox.org (CPE0050BAE86969.cpe.net.cable.rogers.com [24.112.22.141])
	by hub.freebsd.org (Postfix) with ESMTP id 13D8C37B427
	for <stable@FreeBSD.ORG>; Mon, 28 Jan 2002 22:48:18 -0800 (PST)
Received: from localhost (rglidden@localhost)
	by zaphod.wox.org (8.11.6/8.11.6) with ESMTP id g0T6m8f12026;
	Tue, 29 Jan 2002 01:48:08 -0500 (EST)
	(envelope-from rglidden@zaphod.wox.org)
Date: Tue, 29 Jan 2002 01:48:07 -0500 (EST)
From: Richard Glidden <rglidden@zaphod.wox.org>
X-X-Sender: rglidden@charon.acheron.localnet
To: Gerhard Sittig <Gerhard.Sittig@gmx.net>
Cc: stable@FreeBSD.ORG
Subject: Re: Firewall config non-intuitiveness
In-Reply-To: <20020129004415.F1494@shell.gsinet.sittig.org>
Message-ID: <20020129014002.X11997-100000@charon.acheron.localnet>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG


On Tue, 29 Jan 2002, Gerhard Sittig wrote:

> Huh?  `uname -sr` please! :)  You must have been in front of a
> different system.
> I haven't seen anything different from
>
>   firewall_enable
> 	(bool) Set to ``YES'' to load firewall rules at startup.
> 	If the kernel was not built with IPFIREWALL, the ipfw ker-
> 	nel module will be loaded.  See also ipfilter_enable.

rglidden@charon:~$ uname -sr
FreeBSD 4.4-RELEASE-p4
rglidden@charon:~$ man rc.conf

[... skip down a bit ...]

    firewall_enable
        (bool) Set to ``NO'' if you do not want have firewall rules
        loaded at startup, or ``YES'' if you do.  If set to ``YES'', and
        the kernel was not built with IPFIREWALL, the ipfw kernel module
        will be loaded.  See also ipfilter_enable.

I wouldn't be surprised if the "NO" part was removed since 4.4-RELEASE,
since the sentence you quoted is a bit more concise.  But in the interests
of clarity, a NO section really should be added back, which describes the
interaction with NO & IPFIREWALL in the kernel config, IMO.

- Richard


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message