From owner-freebsd-stable  Tue Jan 29 13:31: 7 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from guru.mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133])
	by hub.freebsd.org (Postfix) with SMTP id 807A337B402
	for <freebsd-stable@FreeBSD.ORG>; Tue, 29 Jan 2002 13:31:04 -0800 (PST)
Received: (qmail 73479 invoked by uid 100); 29 Jan 2002 21:31:03 -0000
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15447.5270.719716.953800@guru.mired.org>
Date: Tue, 29 Jan 2002 15:31:02 -0600
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: "Freebsd-Stable" <freebsd-stable@FreeBSD.ORG>
Subject: Re: Proposed Solution To Recent "firewall_enable" Thread. [Please Read]
In-Reply-To: <200201292106.g0TL6T748013@apollo.backplane.com>
References: <SQ5323WMGH94GE51S204VULSNEA.3c56fdd9@VicNBob>
	<200201292106.g0TL6T748013@apollo.backplane.com>
X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid
X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG%
 *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\
From: "Mike Meyer" <mwm-dated-1012771863.1eab52@mired.org>
X-Delivery-Agent: TMDA/0.44 (Python 2.2; freebsd-4.5-RC-i386)
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

Matthew Dillon <dillon@apollo.backplane.com> types:
>     Simple, obvious, straightforward.  All this other crap about having to
>     specify firewall_ options one way if you have the firewall compiled in
>     and another way if you don't is, well, crap.  /etc/rc.conf should work
>     the same no matter how the kernel is compiled.

/etc/rc.conf *does* work the same way no matter how the kernel is
compiled. If you set firewall_enable=YES, it makes sure that ipfw is
available, then loads your firewall rules. If you set
firewall_enable=NO, it doesn't do anything at all.

Of course, if you think "firewall_enable=NO" means you should be able
to get to the system over the network "no matter how the kernel is
compiled", how are you going to make it work if the kernel was
compiled without the INET option?

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message