Date:      Fri, 25 Jan 2002 18:17:52 -0800 (PST)
From:      Patrick Greenwell <patrick@stealthgeeks.net>
To:        Bob K <melange@yip.org>
Cc:        stable@FreeBSD.ORG
Subject:   Re: Firewall config non-intuitiveness
Message-ID:  <20020125181141.N55633-100000@rockstar.stealthgeeks.net>
In-Reply-To: <20020125210254.B454@yip.org>

On Fri, 25 Jan 2002, Bob K wrote:

> > I could be mistaken, but it would seem to me that the number of
> > individuals that really want to deny all traffic to and from their
> > machine (which is the current result of setting firewall_enable to no)
> > is relatively small.
>
> If the variable name gets changed to, say, LOAD_FIREWALL_RULES, with the
> rc scripts spitting out a warning (and otherwise behaving as expected)
> if ENABLE_FIREWALL is encountered, then the number of people that gets
> surprised by the change would be zero.  That number would be higher
> than zero if the variable behaviour is changed.

The variable behavior is nonsensical. Do you continue doing things that
don't make sense simply due to inertia? (I feel a PHB story coming on...)

Further, doesn't the act of adding variables "surprise" people?

> As for people that want to deny all traffic, I can think of at least one
> case where this might be desired:  People who only want connectivity
> enabled after a PPP or SL/IP or some scripted link with user
> intervention comes up.

It is always easy to find edge cases, which is why I try to avoid speaking
in absolutes. In any case, do you believe that there are thousands of
people out there running systems in the particular fashion you describe
above?


/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
                               Patrick Greenwell
                     Stealthgeeks,LLC. Operations Consulting
                          http://www.stealthgeeks.net
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

