From owner-freebsd-stable  Sun Jan 27  9:28:16 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from rover.village.org (rover.bsdimp.com [204.144.255.66])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8741137B400; Sun, 27 Jan 2002 09:28:12 -0800 (PST)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.11.3/8.11.3) with ESMTP id g0RHSBo12675;
	Sun, 27 Jan 2002 10:28:11 -0700 (MST)
	(envelope-from imp@village.org)
Received: from localhost (warner@rover2.village.org [10.0.0.1])
	by harmony.village.org (8.11.6/8.11.6) with ESMTP id g0RHS8x81427;
	Sun, 27 Jan 2002 10:28:09 -0700 (MST)
	(envelope-from imp@village.org)
Date: Sun, 27 Jan 2002 10:27:48 -0700 (MST)
Message-Id: <20020127.102748.70374201.imp@village.org>
To: jacks@sage-american.com
Cc: cjc@FreeBSD.ORG, nate@yogotech.com, stable@FreeBSD.ORG
Subject: Re: Firewall config non-intuitiveness
From: "M. Warner Losh" <imp@village.org>
In-Reply-To: <3.0.5.32.20020127075816.01831ca0@mail.sage-american.com>
References: <20020127014848.F23259@blossom.cjclark.org>
	<20020127.052626.107682843.imp@village.org>
	<3.0.5.32.20020127075816.01831ca0@mail.sage-american.com>
X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

In message: <3.0.5.32.20020127075816.01831ca0@mail.sage-american.com>
            jacks@sage-american.com writes:
: What would be wrong with booting without loading a FW script and then
: loading the rules after the boot is finished...???

Right now what I have works.  You are changing the semantics of a
security related feature of the system in such a way that after this
change what I have will not work.  I agree that your work around will
allow me to easily correct things.  However, if I fail to do so, I
open my firewall up completely.  To me, that's an unacceptible change
in the API.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message