Date: Wed, 30 Jan 2002 16:42:03 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: Matthew Whelan <muttley@gotadsl.co.uk> Cc: "Thomas T. Veldhouse" <veldy@veldy.net>, andrew.cowan@hsd.com.au, "Nate Williams" <nate@yogotech.com>, "Freebsd-Stable" <freebsd-stable@FreeBSD.ORG> Subject: Re: Proposed Solution To Recent "firewall_enable" Thread. [Please Read] Message-ID: <200201310042.g0V0g3255325@apollo.backplane.com> References: <JI75GAYSTRA5PJZYUKGON75TOB88.3c586114@VicNBob>
next in thread | previous in thread | raw e-mail | index | archive | help
:It's possible that the nature of the rules precludes loading them via
:rc.conf's firewall_* variables - Warner, for example, has a real-life
:example of this in his network.
... In which case it is utterly trivial to configure rc.conf such
that the ipfw rules aren't changed. You don't have to make 'NO' do
nothing in order to accomplish that.
NO in this context is very clear: I don't want firewall rules, not
even the default deny. It should put the computer into the same
effective state no matter how the kernel is compiled.
I find it quite unbelievable that people are even arguing over this.
It's as though some people WANT to make rc.conf as obfuscated and
confusing as possible.
-Matt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201310042.g0V0g3255325>