From owner-freebsd-security  Tue Jun 19  9:41:18 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.13])
	by hub.freebsd.org (Postfix) with SMTP id 1302837B406
	for <freebsd-security@FreeBSD.ORG>; Tue, 19 Jun 2001 09:41:14 -0700 (PDT)
	(envelope-from roam@orbitel.bg)
Received: (qmail 1026 invoked by uid 1000); 19 Jun 2001 16:39:41 -0000
Date: Tue, 19 Jun 2001 19:39:41 +0300
From: Peter Pentchev <roam@orbitel.bg>
To: Igor Roshchin <str@giganda.komkon.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: /etc/defaults/rc.conf (Was: IPFW newbie)
Message-ID: <20010619193941.A944@ringworld.oblivion.bg>
Mail-Followup-To: Igor Roshchin <str@giganda.komkon.org>,
	freebsd-security@FreeBSD.ORG
References: <0106190918132R.00481@xyberpix.mip.co.za> <200106191622.MAA66100@giganda.komkon.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200106191622.MAA66100@giganda.komkon.org>; from str@giganda.komkon.org on Tue, Jun 19, 2001 at 12:22:26PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, Jun 19, 2001 at 12:22:26PM -0400, Igor Roshchin wrote:
> 
> I am surprised to see that two people in a raw gave an advice, suggesting
> to edit /etc/defaults/rc.conf.
> IIRC, /etc/defaults was introduced as a nice instrument of having
> _default_ settings in one directory, and changes to it in a standard file
> in /etc. (Approach used on other systems (e.g. Irix) even earlier)
> IMHO, this makes it much easier to do system upgrades.
> 
> So, IMHO, the Good Thing is to add lines from the files in /etc/defaults/*
> to the corresponding files in /etc/ .
> Below are the quotes from the man pages and the handbook recommending
> this style.

Absolutely.  Never touch anything in /etc/defaults.  Whatever you want
to change, change it in /etc.

For this particular case, all that's needed is:

echo 'firewall_enable="YES"' >> /etc/rc.conf
echo 'firewall_type="open"' >> /etc/rc.conf

Note the double '>' there - it tells the shell to add to that file
if it exists, and not to replace it with just those lines.

G'luck,
Peter

-- 
This sentence no verb.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message