Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 27 Jan 2002 13:37:36 -0600
From:      "Mike Meyer" <mwm-dated-1012592257.1c6e60@mired.org>
To:        charon@seektruth.org
Cc:        stable@freebsd.org
Subject:   Re: Firewall config non-intuitiveness
Message-ID:  <15444.22272.911155.374282@guru.mired.org>
In-Reply-To: <200201271853.g0RIrVF03620@midway.uchicago.edu>
References:  <3.0.5.32.20020127075816.01831ca0@mail.sage-american.com> <200201271757.g0RHvTF12944@midway.uchicago.edu> <20020127.110854.32932954.imp@village.org> <200201271853.g0RIrVF03620@midway.uchicago.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
David Syphers <dsyphers@uchicago.edu> types:
> The default rc.conf says next to firewall_enable "Set to YES to enable 
> firewall functionality," which implies that NO disables firewall 
> functionality.

It doesn't imply that to me. It implies that the system isn't going to
do anything to enable the firewall, which in particular means that
it's not going to do anything about anything I've done about firewalls
- like setting up one with ipfilter instead of ipfw, or using one
built from tcp_wrappers, or using one enabled in the kernel.

With your logic, setting syslogd_enable to "NO" would disable starting
syslog-ng from /usr/local/etc/rc.d instead of just not starting the
standard syslog. And so on through a long list of other things that
are set to YES to enable a default version of something, and set to NO
to not enable the default version.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15444.22272.911155.374282>