Date: Mon, 13 Jan 2003 10:18:56 -0700 (MST) From: "M. Warner Losh" <imp@bsdimp.com> To: nick@garage.freebsd.pl Cc: dillon@FreeBSD.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c Message-ID: <20030113.101856.56901754.imp@bsdimp.com> In-Reply-To: <20030113075934.GE9430@garage.freebsd.pl> References: <200301120331.h0C3VA2H040455@repoman.freebsd.org> <20030113075934.GE9430@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
In message: <20030113075934.GE9430@garage.freebsd.pl>
Pawel Jakub Dawidek <nick@garage.freebsd.pl> writes:
: On Sat, Jan 11, 2003 at 07:31:10PM -0800, Matt Dillon wrote:
: +> It turns out that we do not need to add a new ioctl to unbreak a
: +> default-to-deny firewall. Simply turning off IPFW via a preexisting
: +> sysctl does the job. To make it more apparent (since nobody picked up
: +> on this in a week's worth of flames), the boolean sysctl's have been
: +> integrated into the /sbin/ipfw command set in an obvious and straightforward
: +> manner. For example, you can now do 'ipfw disable firewall' or
: +> 'ipfw enable firewall'. This is far easier to remember then the
: +> net.inet.ip.fw.enable sysctl.
:
: And what when securelevel >= 3?
The new ioctl wouldn't work at that level anyway.
Warner
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030113.101856.56901754.imp>