Date: Mon, 28 Jan 2002 13:47:17 -0700 From: Chad David <davidc@acns.ab.ca> To: "Jacques A. Vidrine" <n@nectar.cc>, freebsd-stable@FreeBSD.ORG Subject: Re: firewall config (CTFM) Message-ID: <20020128134717.F66369@colnta.acns.ab.ca> In-Reply-To: <20020128203640.GB42996@madman.nectar.cc>; from n@nectar.cc on Mon, Jan 28, 2002 at 02:36:40PM -0600 References: <B95B566BD245174196CA4EE29E5818831B6469@HEXCH01.robhughes.com> <20020128113806.O95859-100000@rockstar.stealthgeeks.net> <20020128132015.A66369@colnta.acns.ab.ca> <20020128203640.GB42996@madman.nectar.cc>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 28, 2002 at 02:36:40PM -0600, Jacques A. Vidrine wrote: > On Mon, Jan 28, 2002 at 01:20:15PM -0700, Chad David wrote: > > One of the things I would recommend documenting very clearly is that > > you DO NOT NEED TO COMPILE IPFW INTO THE KERNEL. > > Except if you want to default to deny, you must [1]. The rc system > loads the firewall after configuring your interfaces. This may be a > bug. Hmmm, possibly. But given that this is exactly the behavior that is being argued for I'm not sure I'd call it a bug. If you want rc.conf to be able to disable or enable the actual firewall code then this is something that you have to live with, unless it defaults to deny and when == "NO" is found it disables it, but the if you for some reason make a mistake you are locked out (which I like), and that was at least one of the problems people have had with the current way things work. -- Chad David davidc@acns.ab.ca www.FreeBSD.org davidc@freebsd.org ACNS Inc. Calgary, Alberta Canada Fourthly, The constant breeders, beside the gain of eight shillings sterling per annum by the sale of their children, will be rid of the charge of maintaining them after the first year. - Johnathan Swift To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020128134717.F66369>