Date: Thu, 24 Jan 2002 20:21:50 -0800 (PST)
From: Patrick Greenwell
To: stable@freebsd.org
Subject: Firewall config non-intuitiveness
Message-ID: <20020124201411.A39351-100000@rockstar.stealthgeeks.net>

I recently got bit by this:

I have firewall options configured into my kernel, and made the mistake of
thinking that in order to disable this functionality to allow all traffic
that I merely needed to remove the firewall_enable parameter from my rc.conf
since firewall_enable is set to NO in /etc/defaults/rc.conf.

This did not have the intended result of disabling the firewall, rather a
default deny was applied.

If firewall_enable is set to NO, wouldn't it make more sense to have the
init scripts set net.inet.ip.fw.enable to 0, or am I missing something?

Opinions welcome.

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell
Stealthgeeks,LLC.
Operations Consulting
http://www.stealthgeeks.net
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
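
The mismatch described in the message above can be checked for mechanically. The following is an added example, not part of the original post and not FreeBSD's own code: the function names (rc_value, effective_policy, audit) are hypothetical and the sample files are constructed. On a real host the two inputs would come from `sysctl -n net.inet.ip.fw.enable` and `ipfw list`.

```sh
#!/bin/sh
# Added example (not from the original post). Inputs are captured text,
# so the check runs anywhere; all sample data below is constructed.

# Last assignment of VAR across rc.conf-style files, read in order
# (defaults first, local overrides after). Files are parsed, never sourced.
rc_value() {
    var=$1; shift
    cat "$@" | sed -n "s/^[[:space:]]*${var}=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" | tail -n 1
}

# effective_policy SYSCTL_VALUE RULES_FILE
#   SYSCTL_VALUE: net.inet.ip.fw.enable ("" when ipfw is not in the kernel)
#   RULES_FILE:   saved output of `ipfw list`
effective_policy() {
    [ -n "$1" ] || { echo no-ipfw; return 0; }
    [ "$1" != 0 ] || { echo pass-all; return 0; }
    awk '$1 != "65535" && NF { loaded = 1 }
         $1 == "65535"       { action = $2 }
         END { if (loaded) print "ruleset-loaded"
               else if (action == "deny") print "default-deny-only"
               else if (action == "allow") print "default-accept-only"
               else print "unknown" }' "$2"
}

# audit RC_VALUE SYSCTL_VALUE RULES_FILE: flag the case from the post,
# where rc.conf says NO but the kernel still drops everything.
audit() {
    policy=$(effective_policy "$2" "$3")
    case "$1:$policy" in
        [Nn][Oo]:default-deny-only) echo "MISMATCH firewall_enable=$1 policy=$policy" ;;
        *)                          echo "OK firewall_enable=$1 policy=$policy" ;;
    esac
}

# Constructed sample data reproducing the situation described above.
tmp=$(mktemp -d)
printf 'firewall_enable="NO"\t\t# constructed defaults entry\n' > "$tmp/defaults"
printf 'hostname="example.invalid"\n' > "$tmp/rc.conf"       # firewall_enable removed
printf '65535 deny ip from any to any\n' > "$tmp/ipfw.list"  # built-in rule only

audit "$(rc_value firewall_enable "$tmp/defaults" "$tmp/rc.conf")" 1 "$tmp/ipfw.list"
```

A MISMATCH line means the rc.conf setting and the packet filter's actual behaviour disagree, which is worth catching before a reboot on a remotely administered machine.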