From owner-freebsd-stable  Wed May 29 23:44:51 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from damnhippie.dyndns.org (12-253-177-2.client.attbi.com [12.253.177.2])
	by hub.freebsd.org (Postfix) with ESMTP id 45AAB37B40A
	for <freebsd-stable@freebsd.org>; Wed, 29 May 2002 23:44:32 -0700 (PDT)
Received: from [172.22.42.2] (peace.hippie.lan [172.22.42.2])
	by damnhippie.dyndns.org (8.12.3/8.12.3) with ESMTP id g4U6iQ6r032538
	for <freebsd-stable@freebsd.org>; Thu, 30 May 2002 00:44:26 -0600 (MDT)
	(envelope-from freebsd@damnhippie.dyndns.org)
User-Agent: Microsoft Outlook Express Macintosh Edition - 5.01 (1630)
Date: Thu, 30 May 2002 00:44:33 -0600
Subject: Re: Server won't boot after recompile the kernel with ipfw
	support 
From: Ian <freebsd@damnhippie.dyndns.org>
To: freebsd-stable <freebsd-stable@freebsd.org>
Message-ID: <B91B2671.D6B3%freebsd@damnhippie.dyndns.org>
In-Reply-To: <20020530052533.175243E2D@CRWdog.demon.co.uk>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On 05/29/02 23:25, Andy Sparrow wrote:

> 
>> Setting firewall_type to a file name will just ensure that no rules are
>> added at all, it won't match any cases in /etc/rc.firewall.
> 
> Scanning rc.network quickly, it looks like you're correct for recent -STABLE.
>
> In which case the following comments in rc.firewall should be reaped, surely?:
> 
> ############
> # Define the firewall type in /etc/rc.conf.  Valid values are:
> #   open     - will allow anyone in
> #   client   - will try to protect just this machine
> #   simple   - will try to protect a whole network
> #   closed   - totally disables IP services except via lo0 interface
> #   UNKNOWN  - disables the loading of firewall rules.
> #   filename - will load the rules in the given filename (full path required)
> #
> 
> 
> 
> 

Look at rc.firewall, the * case in the switch checks to see if the
firewall_type is a file that can be read and if so it uses it.  I think the
comments are still valid.  Certainly it still works that way for me, and I'm
sync'd up with -STABLE as of about a week ago.

-- Ian


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message