From owner-freebsd-stable  Wed Jan 30 19:15:22 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from relay.pair.com (relay1.pair.com [209.68.1.20])
	by hub.freebsd.org (Postfix) with SMTP id 58BA837B416
	for <stable@freebsd.org>; Wed, 30 Jan 2002 19:15:17 -0800 (PST)
Received: (qmail 46964 invoked from network); 31 Jan 2002 03:15:14 -0000
Received: from softdnserror (HELO mail.bacxs.com) (67.8.29.100)
  by relay1.pair.com with SMTP; 31 Jan 2002 03:15:14 -0000
X-pair-Authenticated: 67.8.29.100
Received: from massive.bacxs.com by mail.bacxs.com
	with SMTP (MDaemon.PRO.v5.0.0d.R)
	for <stable@freebsd.org>; Wed, 30 Jan 2002 22:10:37 -0500
Message-Id: <5.1.0.14.0.20020130220527.02973650@127.0.0.1>
X-Sender: mwoodson@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 30 Jan 2002 22:10:36 -0500
To: stable@freebsd.org
From: Mark Woodson <mwoodson@bacxs.com>
Subject: Re: *_enable="YES" behavior is bogus
  *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\
In-Reply-To: <20020130172655.GA1216@raggedclown.net>
References: <5.1.0.14.0.20020129214601.02281df8@127.0.0.1>
 <15447.22597.666281.179771@guru.mired.org>
 <5.1.0.14.0.20020129214601.02281df8@127.0.0.1>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Return-Path: mwoodson@bacxs.com
X-MDaemon-Deliver-To: stable@freebsd.org
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

At 06:26 PM 1/30/2002 +0100, Cliff Sarginson wrote:
>On Tue, Jan 29, 2002 at 09:49:11PM -0500, Mark Woodson wrote:
> > At 08:19 PM 1/29/2002 -0600, Mike Meyer wrote:
> > >I was going to say non-intuitive, since everyone likes slinging that
> > >one around, but remembered what someone who knows more than a few
> > >things about interface design had to say about "intuitive" interfaces:
> > >
> > >    When users say that an interface is intuitive, they mean that it
> > >    operates just like some other software or method with which they
> > >    are familiar.[*]
> >
> > People mock that which they do not understand.
> >
>And people make smart-arse remarks like yours, thinking that qualifies
>as some kind of answer.

And some people don't actually read what they respond to.

I don't feel that the current system needs changing.  It's my thought that 
if you go to the extra trouble of compiling ipfw or ipf into the kernel, 
then you want it and you get it.  No matter what you've set in rc.conf.

Perhaps the docs should be modified to make that behavior more clear, but 
if you have a machine set up as a firewall having it's functionality as a 
firewall eliminated by setting enable="NO" is unacceptable from a security 
standpoint.

-Mark



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message