From owner-freebsd-stable Fri Jan 25 17:33:30 2002 Delivered-To: freebsd-stable@freebsd.org Received: from pi.yip.org (pi.yip.org [199.45.111.121]) by hub.freebsd.org (Postfix) with ESMTP id A873937B402 for ; Fri, 25 Jan 2002 17:33:22 -0800 (PST) Received: (from melange@localhost) by pi.yip.org (8.11.3/8.11.3) id g0Q1XTt03826; Fri, 25 Jan 2002 20:33:29 -0500 (EST) (envelope-from melange@yip.org) Date: Fri, 25 Jan 2002 20:33:28 -0500 From: Bob K To: Patrick Greenwell Cc: stable@FreeBSD.ORG Subject: Re: Firewall config non-intuitiveness Message-ID: <20020125203328.A454@yip.org> References: <000c01c1a5ff$a4539870$0101a8c0@cascade> <20020125165307.C54729-100000@rockstar.stealthgeeks.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020125165307.C54729-100000@rockstar.stealthgeeks.net>; from patrick@stealthgeeks.net on Fri, Jan 25, 2002 at 05:05:48PM -0800 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Jan 25, 2002 at 05:05:48PM -0800, Patrick Greenwell wrote: > > You know, I continue to be amazed at the attitude that says that things > should be kept counter-intuitive and anyone who doesn't like it that way > is ignorant. What possible benefit is there in perpetuating mislabeled > behavior? > > To me, it's very simple: there's this "firewall_enable" option in rc.conf, > and I think that reasonable people would infer that if you set it to "no" > it meant that you didn't want a firewall enabled(based on the name of the > variable), yet that is not what happens. > > All the documentation reading in the world isn't going to make me think it's a > good idea to have "no" mean "yes" and I certainly don't think it's useful or > helpful to cast aspersions on individuals who want "no" to actually mean "no." The problem is that you're not taking into account the installed base of users who twiddle this knob. How many angry firewall admins will come into being when the behaviour suddenly stops being, "don't load any firewall rules" and starts being, "disable the firewall"? Perhaps the variable could be renamed to something more specific. -- Bob | Please don't feed the sock puppet. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message