From owner-freebsd-stable Tue Oct 14 03:55:06 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id DAA09252 for stable-outgoing; Tue, 14 Oct 1997 03:55:06 -0700 (PDT) (envelope-from owner-freebsd-stable) Received: from norden1.com (norden1.com [192.153.35.1]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id DAA09241 for ; Tue, 14 Oct 1997 03:55:00 -0700 (PDT) (envelope-from hometeam@techpower.net) From: hometeam@techpower.net Received: from techpower.net (hometeam@techpower.net [206.244.73.241]) by norden1.com (8.8.7/8.8.7) with ESMTP id GAA01798; Tue, 14 Oct 1997 06:52:40 -0400 (EDT) Received: from localhost (hometeam@localhost) by techpower.net (8.8.7/8.8.5) with SMTP id GAA29781; Tue, 14 Oct 1997 06:52:49 -0400 (EDT) Date: Tue, 14 Oct 1997 06:52:49 -0400 (EDT) To: Studded cc: "freebsd-stable@freebsd.org" Subject: Re: Problem with rc.conf/rc.firewall In-Reply-To: <199710140043.RAA27934@mail.san.rr.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk I have allways put the option in rc.conf ,...Not firewall="YES" firewall="open" simple or what ever.. you don't need to change anything in rc.firewall other then your filters. I didn't see much problem with it myself. I guess a info file would be a plus . allthough most on here are will to help and answers giving quickly. why don't you write one....? On Mon, 13 Oct 1997, Studded wrote: > > Using 2.2.5-971012-BETA I upgraded my system with the tried and > true make world + fold in /etc changes method. It completed without > errors (after I removed the -j 2 from make *grumble*) and then I made > the kernel from the same kernel config file I used with the > 2.2-970901-STABLE sources previously that included ipfw. I set the > firewall option to YES in rc.conf, and set the type to OPEN. > > A gold star to anyone who has already spotted the problem, the > rc.firewall script expects "${firewall_type}" = "open", not OPEN, and > it bombed out. IMO putting the firewall_type option rc.conf is a big > mistake. It loses big in functionality what little it makes up for in > convenience, especially when I'm 600 miles from the machine. > > In order of importance, suggestion number one is to return the > firewall_type option to rc.firewall, include firewall_quiet, and put a > note below firewall_enable saying that there are options to set in > rc.firewall if you enable it. This will reduce the likelihood of an > error like mine, and has the added advantage of removing two > little-used options from an already crowded rc.conf. Suggestion number > two is to make the type open BY DEFAULT, and let the person change it > if need be. There is really no reason to set up stumbling blocks that > people don't need if they can be so easily avoided. Third, it would be > nice if the script (and the rc scripts in general) were made case > insensitive, either by some sh trick, or some OR statements. Finally a > warning in rc.conf that the options are case sensitive would be a plus. > > > I can produce diffs and send this as a PR if requested, but it > is only a few lines in each place. > > Thanks, > > Doug > > *** Proud operator, designer and maintainer of the world's largest > *** Internet Relay Chat server. 4,168 clients and still growing. :-) > *** Try spider.dal.net on ports 6662-4 (Powered by FreeBSD) > > hometeam@techpower.net --We cannot all be masters, nor all masters Cannot be truly follow'd-- -----BEGIN PGP MESSAGE----- Version: 2.6.2 owEBqwBU/4kAlQMFADRCxNWhsddKSTR+6QEBelED/jzeC3btZfqSdIfrNoCgwUJJ iNQ33UQoMyJ2ygkfl72xP5J79yml/F4P73GnNaDVbaMOmOG2NNAi5ElE73wRh54U 17kH+n5XnYeqekV8T2TG2Q6ex3UotXPyZ1vvrCrSxapOz6a4hh0GQeA55rcwLy2W ROHwxfvaVsrX5iVOkRoerBFiC21lc3NhZ2UudHh0AAAAAA== =jCvF -----END PGP MESSAGE-----