From owner-freebsd-stable Fri Jan 25 17:40:18 2002 Delivered-To: freebsd-stable@freebsd.org Received: from rockstar.stealthgeeks.net (h-66-134-120-173.LSANCA54.covad.net [66.134.120.173]) by hub.freebsd.org (Postfix) with SMTP id 3606537B436 for ; Fri, 25 Jan 2002 17:40:05 -0800 (PST) Received: (qmail 55225 invoked by uid 1001); 26 Jan 2002 01:40:04 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 26 Jan 2002 01:40:04 -0000 Date: Fri, 25 Jan 2002 17:40:04 -0800 (PST) From: Patrick Greenwell To: Bob K Cc: stable@FreeBSD.ORG Subject: Re: Firewall config non-intuitiveness In-Reply-To: <20020125203328.A454@yip.org> Message-ID: <20020125173525.O55184-100000@rockstar.stealthgeeks.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, 25 Jan 2002, Bob K wrote: > The problem is that you're not taking into account the installed base of > users who twiddle this knob. How many angry firewall admins will come > into being when the behaviour suddenly stops being, "don't load any > firewall rules" and starts being, "disable the firewall"? I could be mistaken, but it would seem to me that the number of individuals that really want to deny all traffic to and from their machine(which is the current result of setting firewall_enable to no) is relatively small. /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell Stealthgeeks,LLC. Operations Consulting http://www.stealthgeeks.net \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message