Date: Sat, 26 Jan 2002 09:28:03 -0700 (MST) From: "M. Warner Losh" <imp@village.org> To: iedowse@maths.tcd.ie Cc: cjc@FreeBSD.ORG, veldy@veldy.net, patrick@stealthgeeks.net, stable@FreeBSD.ORG Subject: Re: Firewall config non-intuitiveness Message-ID: <20020126.092803.25710806.imp@village.org> In-Reply-To: <200201261349.aa24682@salmon.maths.tcd.ie> References: <20020125190552.E14394@blossom.cjclark.org> <200201261349.aa24682@salmon.maths.tcd.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
In message: <200201261349.aa24682@salmon.maths.tcd.ie>
Ian Dowse <iedowse@maths.tcd.ie> writes:
: In general, xxx="NO" in rc.conf means "dont start xxx", it doesn't
: mean "don't start xxx, and if there is one running, kill it", i.e.
: ="NO" is an instruction to the rc scripts to do nothing (I'm sure
: there are a few exceptions). I think the existing firewall_enable
: behaviour is consistent with this, but a new "DISABLE" option could
: be added without any problems.
I agree. The last thing we should be doing is autotmatically
disabling a security feature by some rc setting. We do similar things
with our firewall stuff on a couple of our machines because we need to
do some custom things before turning it on that don't fit the current
rc paradigm.
Warner
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020126.092803.25710806.imp>