Date: Fri, 25 Jan 2002 09:21:54 +0000
From: Nik Clayton <nik@freebsd.org>
To: Patrick Greenwell <patrick@stealthgeeks.net>
Cc: stable@freebsd.org
Subject: Re: Firewall config non-intuitiveness
Message-ID: <20020125092154.U53456@clan.nothing-going-on.org>
In-Reply-To: <20020124201411.A39351-100000@rockstar.stealthgeeks.net>; from patrick@stealthgeeks.net on Thu, Jan 24, 2002 at 08:21:50PM -0800
References: <20020124201411.A39351-100000@rockstar.stealthgeeks.net>

On Thu, Jan 24, 2002 at 08:21:50PM -0800, Patrick Greenwell wrote:
> I recently got bit by this: I have firewall options configured into my
> kernel, and made the mistake of thinking that in order to disable
> this functionality to allow all traffic that I merely needed to remove the
> firewall_enable parameter from my rc.conf since firewall_enable is set to NO in
> /etc/defaults/rc.conf.
>
> This did not have the intended result of disabling the firewall, rather a
> default deny was applied. If firewall_enable is set to NO, wouldn't it make
> more sense to have the init scripts set net.inet.ip.fw.enable to 0, or am I
> missing something?
>
> Opinions welcome.

I've got a hunch this needs to be a tri-state variable.

    YES -- Load the firewall rules
    NO  -- Do nothing, default policy is compiled in to the kernel
    OFF -- Explicitly set net.inet.ip.fw.enable=0 or similar.

N
-- 
FreeBSD: The Power to Serve             http://www.freebsd.org/
FreeBSD Documentation Project           http://www.freebsd.org/docproj/
--- 15B8 3FFC DDB4 34B0 AA5F 94B7 93A8 0764 2C37 E375 ---
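
The behaviour discussed in this message, as an added example that is not part of the original e-mail and is not FreeBSD's rc code: a small audit script that reads `firewall_enable` the way `rc.conf` overrides `/etc/defaults/rc.conf` and reports the policy that results under the YES/NO/OFF proposal. The function names, the state labels and the two kernel inputs (firewall compiled in, default rule accepts) are assumptions passed in as arguments; the sample files are constructed.

```shell
#!/bin/sh
# Added example: models the YES/NO/OFF proposal; it does not touch the live system.

# fw_setting FILE...: last firewall_enable value found; later files override earlier.
fw_setting() {
    value=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*firewall_enable="\{0,1\}\([A-Za-z]*\).*/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then value=$v; fi
    done
    printf '%s\n' "$value" | tr '[:lower:]' '[:upper:]'
}

# effective_policy SETTING HAS_IPFW DEFAULT_ACCEPT
#   HAS_IPFW=1: firewall compiled into the kernel (assumed input)
#   DEFAULT_ACCEPT=1: compiled-in default rule allows traffic (assumed input)
effective_policy() {
    if [ "$2" != 1 ]; then echo "no-firewall"; return; fi
    case "$1" in
        YES) echo "ruleset-loaded" ;;
        OFF) echo "filtering-disabled" ;;  # proposed: net.inet.ip.fw.enable=0
        NO|"") if [ "$3" = 1 ]; then echo "default-accept"; else echo "default-deny"; fi ;;
        *) echo "unknown-setting" ;;
    esac
}

# audit HAS_IPFW DEFAULT_ACCEPT FILE...: flag the silent default-deny case.
audit() {
    has_ipfw=$1; accept=$2; shift 2
    policy=$(effective_policy "$(fw_setting "$@")" "$has_ipfw" "$accept")
    case $policy in
        default-deny) echo "WARN: rules not loaded, kernel default rule denies all traffic" ;;
        *) echo "OK: $policy" ;;
    esac
}

# Constructed sample files reproducing the situation in the message.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'firewall_enable="NO"\n' > "$demo/defaults_rc.conf"
printf 'hostname="example.invalid"\n' > "$demo/rc.conf"   # firewall_enable removed

audit 1 0 "$demo/defaults_rc.conf" "$demo/rc.conf"
printf 'firewall_enable="OFF"\n' >> "$demo/rc.conf"       # the proposed third state
audit 1 0 "$demo/defaults_rc.conf" "$demo/rc.conf"
```

The first `audit` call reproduces the reported surprise: with the variable removed, the default NO applies and the compiled-in deny rule is the effective policy.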