From owner-freebsd-stable  Wed Jan 30 18:24: 5 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153])
	by hub.freebsd.org (Postfix) with ESMTP id 7775537B404
	for <freebsd-stable@FreeBSD.ORG>; Wed, 30 Jan 2002 18:23:57 -0800 (PST)
Received: by gw.nectar.cc (Postfix, from userid 1001)
	id D0E6A34; Wed, 30 Jan 2002 20:23:56 -0600 (CST)
Date: Wed, 30 Jan 2002 20:23:56 -0600
From: "Jacques A. Vidrine" <n@nectar.cc>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: Matthew Whelan <muttley@gotadsl.co.uk>,
	"Thomas T. Veldhouse" <veldy@veldy.net>, andrew.cowan@hsd.com.au,
	Nate Williams <nate@yogotech.com>,
	Freebsd-Stable <freebsd-stable@FreeBSD.ORG>
Subject: Re: Proposed Solution To Recent "firewall_enable" Thread. [Please Read]
Message-ID: <20020130202356.A47852@hellblazer.nectar.cc>
Mail-Followup-To: "Jacques A. Vidrine" <n@nectar.cc>,
	Matthew Dillon <dillon@apollo.backplane.com>,
	Matthew Whelan <muttley@gotadsl.co.uk>,
	"Thomas T. Veldhouse" <veldy@veldy.net>, andrew.cowan@hsd.com.au,
	Nate Williams <nate@yogotech.com>,
	Freebsd-Stable <freebsd-stable@FreeBSD.ORG>
References: <JI75GAYSTRA5PJZYUKGON75TOB88.3c586114@VicNBob> <200201310042.g0V0g3255325@apollo.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200201310042.g0V0g3255325@apollo.backplane.com>; from dillon@apollo.backplane.com on Wed, Jan 30, 2002 at 04:42:03PM -0800
X-Url: http://www.nectar.cc/
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Wed, Jan 30, 2002 at 04:42:03PM -0800, Matthew Dillon wrote:
>     ... In which case it is utterly trivial to configure rc.conf such 
>     that the ipfw rules aren't changed.  You don't have to make 'NO' do
>     nothing in order to accomplish that.
> 
>     NO in this context is very clear:  I don't want firewall rules, not
>     even the default deny.  It should put the computer into the same 
>     effective state no matter how the kernel is compiled.
> 
>     I find it quite unbelievable that people are even arguing over this.
>     It's as though some people WANT to make rc.conf as obfuscated and
>     confusing as possible.

If you are talking about changing it in -STABLE:
   Forget it.  We're not going to have `firewall_enable=NO' suddenly
   result in turning off firewall functionality.  Never mind that I
   think that's a silly interpretation -- it's just that it is too
   dangerous.

If you are talking about changing it in -CURRENT:
   Please take this thread to <freebsd-current@freebsd.org> already!

-- 
Jacques A. Vidrine <n@nectar.cc>                     http://www.nectar.cc/
NTT/Verio SME           .      FreeBSD UNIX      .        Heimdal Kerberos
jvidrine@verio.net      .   nectar@FreeBSD.org   .           nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message