From owner-freebsd-stable Wed Jan 30 16:42:17 2002 Delivered-To: freebsd-stable@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id CBA9B37B417 for ; Wed, 30 Jan 2002 16:42:09 -0800 (PST) Received: (from dillon@localhost) by apollo.backplane.com (8.11.6/8.9.1) id g0V0g3255325; Wed, 30 Jan 2002 16:42:03 -0800 (PST) (envelope-from dillon) Date: Wed, 30 Jan 2002 16:42:03 -0800 (PST) From: Matthew Dillon Message-Id: <200201310042.g0V0g3255325@apollo.backplane.com> To: Matthew Whelan Cc: "Thomas T. Veldhouse" , andrew.cowan@hsd.com.au, "Nate Williams" , "Freebsd-Stable" Subject: Re: Proposed Solution To Recent "firewall_enable" Thread. [Please Read] References: Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG :It's possible that the nature of the rules precludes loading them via :rc.conf's firewall_* variables - Warner, for example, has a real-life :example of this in his network. ... In which case it is utterly trivial to configure rc.conf such that the ipfw rules aren't changed. You don't have to make 'NO' do nothing in order to accomplish that. NO in this context is very clear: I don't want firewall rules, not even the default deny. It should put the computer into the same effective state no matter how the kernel is compiled. I find it quite unbelievable that people are even arguing over this. It's as though some people WANT to make rc.conf as obfuscated and confusing as possible. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message