Date: Thu, 31 Jan 2002 12:24:48 +1100 From: Mark.Andrews@isc.org To: Matthew Dillon <dillon@apollo.backplane.com> Cc: Matthew Whelan <muttley@gotadsl.co.uk>, "Thomas T. Veldhouse" <veldy@veldy.net>, andrew.cowan@hsd.com.au, "Nate Williams" <nate@yogotech.com>, "Freebsd-Stable" <freebsd-stable@FreeBSD.ORG> Subject: Re: Proposed Solution To Recent "firewall_enable" Thread. [Please Read] Message-ID: <200201310124.g0V1Oms10734@drugs.dv.isc.org> In-Reply-To: Your message of "Wed, 30 Jan 2002 16:42:03 -0800." <200201310042.g0V0g3255325@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> :It's possible that the nature of the rules precludes loading them via > :rc.conf's firewall_* variables - Warner, for example, has a real-life > :example of this in his network. > > ... In which case it is utterly trivial to configure rc.conf such > that the ipfw rules aren't changed. You don't have to make 'NO' do > nothing in order to accomplish that. > > NO in this context is very clear: I don't want firewall rules, not > even the default deny. It should put the computer into the same > effective state no matter how the kernel is compiled. In your opinion. Personally I find the current behaviour perfectly consistant and don't want it to change, i.e. NO does nothing. However I'm not going to rant and rave about it if it does change. Make the variable tri-state, i.e. add DISABLE. Document it and be done. Start your own distribution if you don't like how its being done. In otherwords stop complaining about it. It's clear that the meaning of NO is not going to change for stable. This whole discussion should die. Mark > I find it quite unbelievable that people are even arguing over this. > It's as though some people WANT to make rc.conf as obfuscated and > confusing as possible. > > -Matt -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201310124.g0V1Oms10734>