Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 27 Jan 2002 22:09:23 +0100
From:      Gerhard Sittig <Gerhard.Sittig@gmx.net>
To:        stable@freebsd.org
Subject:   Re: Firewall config non-intuitiveness
Message-ID:  <20020127220923.B1494@shell.gsinet.sittig.org>
In-Reply-To: <20020127.120138.07163985.imp@village.org>; from imp@village.org on Sun, Jan 27, 2002 at 12:01:38PM -0700
References:  <200201271757.g0RHvTF12944@midway.uchicago.edu> <20020127.110854.32932954.imp@village.org> <200201271853.g0RIrVF03620@midway.uchicago.edu> <20020127.120138.07163985.imp@village.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, Jan 27, 2002 at 12:01 -0700, M. Warner Losh wrote:
> 
> Please write up the exact details that you want to do so that those on
> security-officer know exactly what you are proposing.  It is my
> understanding that you want to make enable_firewall=NO totally dyke
> out the firewall that was compiled into the kernel and be a totally
> open realy.  I know that this breaks at least one machine that I have,
> but I also know that this breaks our current fail-safe behavior, which
> I'm strongly opposed to.

I filed a PR which does adjust the rc.conf comment (I understand
that LINT resp. NOTES as well as "man 5 rc.conf" both told the
originator of the thread what would happen while rc.conf was too
short and not authoritative enough a source to stop him from
shooting into his foot).

The synopsis is "[PATCH] rc.conf comment misleading
(firewall_enable)", the numeric handle is not available
yet.  The PR submit message actually went out together with
this one -- I live on a dialup line ...


virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
-- 
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020127220923.B1494>