Date: Tue, 29 Jan 2002 12:44:14 +0000
From: Thomas Hurst
To: Freebsd-Stable
Subject: Re: Proposed Solution To Recent "firewall_enable" Thread. [Please Read]
Message-ID: <20020129124413.GA74666@voi.aagh.net>
References: <20020129041803.GA69785@voi.aagh.net>

* Andrew Cowan (andrew.cowan@hsd.com.au) wrote:

> > How about something more along the lines of:
> >
> > ipfw_enable = {yes, no}
> > ipfw_type = {script, rule, builtin}
> > ipfw_rule = {/path/to/rule/file}
> > ipfw_script = {/path/to/script}
> > ipfw_builtin = {open, closed, simple, client}
>
> Way too complicated though.

It's simpler than a lot of the options, but yes, I suppose with parts of
the configuration spilling out into the rc file and other parts looking
ugly as hell, maybe something more...

> along the lines of ppp.conf?? would be better. :)

Possibly, depends if anyone can think of anything better to put in there
than something like what I suggested for rc.conf. I suppose if the
rc.firewall system were made more orthogonal..

> It just does not need to be as complicated as it is - not that the
> current way is hard - rather it is nonsensical.

I'd say it's more crufty than nonsensical.

> If you could redesign the system from scratch how would you do it?

I'd refactor the entire rc system into something along the lines of
NetBSD's, although perhaps try to be a little less spaghettified :)

> It would be easy to maintain backwards compatibility so why not pretend
> it is from scratch?

Well, sure, a bunch of rc.conf settings are nothing compared with all the
other stuff that's going into current.

-- 
Thomas 'Freaky' Hurst - freaky@aagh.net - http://www.aagh.net/
-
Factorials were someone's attempt to make math LOOK exciting.