Date:      Sun, 27 Jan 2002 07:58:16 -0600
From:      jacks@sage-american.com
To:        "M. Warner Losh" <imp@village.org>, cjc@FreeBSD.ORG
Cc:        nate@yogotech.com, stable@FreeBSD.ORG
Subject:   Re: Firewall config non-intuitiveness
Message-ID:  <3.0.5.32.20020127075816.01831ca0@mail.sage-american.com>
In-Reply-To: <20020127.052626.107682843.imp@village.org>
References:  <20020127014848.F23259@blossom.cjclark.org> <15443.44156.595426.139371@caddis.yogotech.com> <20020127.004656.53474822.imp@village.org> <20020127014848.F23259@blossom.cjclark.org>

What would be wrong with booting without loading a FW script and then
loading the rules after the boot is finished...???

At 05:26 AM 1.27.2002 -0700, M. Warner Losh wrote:
>In message: <20020127014848.F23259@blossom.cjclark.org>
>            "Crist J. Clark" <cjc@FreeBSD.ORG> writes:
>: Warner, if the proposed change were to be made, you could get the same
>: effect by doing,
>: 
>:   firewall_enable="YES"
>:   firewall_script="/dev/null"
>: 
>: Which I think more accurately describes the behavior you want (if
>: someone were to browse the rc.conf and try to understand your
>: configuration, they'd be more likely to understand what you are trying
>: to do if they saw the above). You want to enable firewalling, but
>: don't want to load any rules.
>
>But I don't want it to fail unsafely.  That's the part that I still do
>not like about the change and why I'm making a big deal out of it.
>This is a security feature that you are proposing that we depart from
>our long standing tradition and make fail unsafely.
>
>rc scripts shouldn't take things out of the kernel that people have
>specifically compiled into the kernel.
>
>Warner
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-stable" in the body of the message
>
>

Best regards,
Jack L. Stone,
Server Admin

===================================================
Sage-American 
http://www.sage-american.com
jacks@sage-american.com

"My center is giving way, my right is in retreat;
....situation excellent! ....I shall attack!"
===================================================
