Date: Tue, 29 Jan 2002 23:16:08 +0000
From: Pete French <pfrench@firstcallgroup.co.uk>
To: freebsd-stable@FreeBSD.ORG
Subject: Re: Proposed Solution To Recent "firewall_enable" Thread. [Please Read]
Message-ID: <E16VhU0-000BJ1-00@mailhost.firstcallgroup.co.uk>
In-Reply-To: <200201292106.g0TL6T748013@apollo.backplane.com>

> I've been hit by this piece of nonsense before as well. I would like
> to see the rules fixed so it doesn't matter what you compile into the
> kernel -- if your firewall_enable is NO, then it should be as if you
> don't have a file.

Don't you mean "as if you didn't have a firewall"?

If this was a physical piece of firewall hardware we were talking about
there would be no argument, because it's obvious that if you turn the
thing off it won't pass packets. But here the distinction isn't clear as
to whether the firewall exists and is being turned off, or if it's being
made to vanish as if it hadn't been compiled in.

You need to specify 2 things:

1) Does a firewall exist?
2) If so, is it on or off?

You just can't do it with one variable and please everyone, and let's not
get into the tri-state horribleness. How about:

    firewall_exists = YES/NO
    firewall_enable = YES/NO

With the value of the 2nd variable having no effect if the value of the
first is NO. To my mind that's clear enough, and also backward compatible.
Setting the first variable to NO always acts as if there was no firewall
in the kernel, setting it to YES always puts one in the kernel.

Any good?

-pcf.