Kian Mohageri wrote:
> After re-reading your original idea, I think I understand a little
> better what you mean to do. For clarification, are you proposing that
> the [early] firewall scripts do nothing if firewall_late_enable=YES, and
> then have all firewalling taken care of later in the boot process (i.e.
> post-networking) by firewall_late?
>
> I think I might have misunderstood your original proposal :)

I think so too. :) To be clear, what I'm suggesting is that we move
ipfw and pf to a spot in the rcorder that is ahead of netif, along
with ipfilter which is already there. I am not suggesting that we
change their functionality, just the ordering. As a completely
separate thing (although they could be done at the same time) I am
suggesting _adding_ a new script for "late" firewall rules (where
"late" is defined as after netif) so that people who want to do
firewall-related things that require netif (like cloned interfaces,
FQDN rules, etc.) will have a standard way to accomplish that.
Thanks for the opportunity to clarify,
Doug
--
This .signature sanitized for your protection