Date: Sat, 25 Mar 2000 23:34:27 -0500 From: Tom Legg <tjlegg@shore.net> To: Doug Barton <Doug@gorean.org> Cc: freebsd-stable@freebsd.org Subject: Re: Minor rc.network bug for 4.0 and ipfw Message-ID: <p04310102b50341186e5f@[207.244.92.51]> In-Reply-To: <38DD8E7B.CA0781BD@gorean.org> References: <p04310101b5032cb2a0b9@[207.244.92.51]> <38DD87C8.8D8FC976@gorean.org> <p04310101b5033a42d23f@[207.244.92.51]> <38DD8E7B.CA0781BD@gorean.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 8:13 PM -0800 3/25/2000, Doug Barton wrote: >Tom Legg wrote: > >> In fact the current situation renders the rc.conf flag for >> firewall_enable mute. You might as well eliminate the flag and have >> /etc/rc.network check whether net.inet.ip.fw.enable=1 and go from >> there. > > I think you mean moot. :) In any case, the current set of options >allows a user to specify the settings in rc.conf without compiling the >ipfw stuff into the kernel. > >Doug I'm SHIRLEY not arguing against allowing the rc scripts loading the kernel modules if firewall_enable="YES". All I'm saying is that an admin that is sophisticated enough to compile a custom kernel with IPFW is also sophisticated enough to change the rc flag to "YES" when they want the firewall enabled. But I "pity the foo" that has to come and adminster a system where firewall_enable="NO" in boot up does not mean net.inet.ip.fw.enable=0 . when 0=1 even us poor luser FreeBSD admin wannabes get confused (how the h*ll can we blue screen for division by 0 if 0=1?) -- ----- Tom Legg tjlegg@shore.net http://www.shore.net/~tjlegg/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p04310102b50341186e5f>