In message: <[EMAIL PROTECTED]> "Crist J. Clark" <[EMAIL PROTECTED]> writes: : Warner, if the proposed change were to be made, you could get the same : effect by doing, : : firewall_enable="YES" : firewall_script="/dev/null" : : Which I think more accurately describes the behavior you want (if : someone were to browse the rc.conf and try to understand your : configuration, they'd be more likely to understand what you are trying : to do if they saw the above). You want to enable firewalling, but : don't want to load any rules.
But I don't want it to fail unsafely. That's the part that I still do not like about the change and why I'm making a big deal out of it. This is a security feature that you are proposing that we depart from our long standing tradition and make fail unsafely. rc scipts shouldn't take things out of the kernel that people have specifically compiled into the kernel. Warner To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
