Date: Tue, 29 Jan 2002 12:44:14 +0000 From: Thomas Hurst <tom.hurst@clara.net> To: Freebsd-Stable <freebsd-stable@FreeBSD.ORG> Subject: Re: Proposed Solution To Recent "firewall_enable" Thread. [Please Read] Message-ID: <20020129124413.GA74666@voi.aagh.net> In-Reply-To: <NEBBJIKPNGEHLCBOLMDMAECCFPAC.andrew.cowan@hsd.com.au> References: <20020129041803.GA69785@voi.aagh.net> <NEBBJIKPNGEHLCBOLMDMAECCFPAC.andrew.cowan@hsd.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
* Andrew Cowan (andrew.cowan@hsd.com.au) wrote:
> > How about something more along the lines of:
> >
> > ipfw_enable = {yes, no}
> > ipfw_type = {script, rule, builtin}
> > ipfw_rule = {/path/to/rule/file}
> > ipfw_script = {/path/to/script}
> > ipfw_builtin = {open, closed, simple, client}
>
> Way to complicated though.
It's simpler than a lot of the options, but yes, I suppose with parts of
the configuration spilling out into the rc file and other parts looking
ugly as hell, maybe something more...
> along the lines of ppp.conf??
would be better. :)
Possibly, depends if anyone can think of anything better to put in there
than something like what I suggested for rc.conf. I suppose if the
rc.firewall system were made more orthagonal..
> It just does not need to be as complicated as it is - not that the
> current way is hard - rather it is nonsensical.
I'd say it's more crufty than nonsensical.
> If you could redesign the system from scratch how would you do it?
I'd refactor the entire rc system into something along the lines of
NetBSD's, although perhaps try to be a little less spaghettified :)
<notices it was imported 7 months ago and hasn't been touched since,
*grumble*>
> It would be easy to mantain backwards compatibility so why not pretend
> it is from scratch?
Well, sure, a bunch of rc.conf setting are nothing compared with all the
other stuff that's going into current.
--
Thomas 'Freaky' Hurst - freaky@aagh.net - http://www.aagh.net/
-
Factorials were someone's attempt to make math LOOK exciting.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020129124413.GA74666>