[Bug 238694] Configuring & using a customized IPFW rule set now causes additional rules to be (involuntarily) added

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Jun 20 05:50:35 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238694

--- Comment #5 from Rodney W. Grimes <rgrimes at FreeBSD.org> ---
(In reply to rkoberman from comment #4)
You're now implementing, or advocating implementing, policies that are simply not
within the scope of what FreeBSD should be implementing.

I'll give you that your list of default requirements are valid, and correct,
but the moment a user TOUCHES firewall_foo we are no longer in the default
world, and we should fully respect whatever policy the user so chooses and
should fully and correctly do so in the most painless way possible.

If the user wishes to change things he shall be allowed to, otherwise we are
driving him to go edit etc/rc.firewall and that is not the desired result.

Furthermore this IS a regression in behavior, in the past we had no such rules
being added in this case, and that more than anything is the reason we have
this bug report at all and we should respect that as a true and valid issue.

Bottom line, no one is advocating changing what the end results of the DEFAULT
configuration is, we (I) are advocating that things be made properly flexible
and backwards compatible, i.e. this user's old and working configuration suddenly
broke in unexpected ways and that is just bad.

It is rather trivial to fix:
case ${firewall_type} in
(very long regex that matches all the known types)
    setup_loopback
    setup_ipv6_mandatory
esac

restored prior behavior and your "Requirements" have also been met.

-- 
You are receiving this mail because:
You are the assignee for the bug.
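
An added dry-run sketch of the gating proposed in comment #5 (not part of the original comment and not FreeBSD's rc.firewall): the mandatory rule groups are loaded only when firewall_type names a built-in profile, so a user-supplied rule file is loaded on its own. The list of built-in type names, the PLAN variable, and the is_builtin_type and plan_ruleset helpers are assumptions made for illustration; setup_loopback and setup_ipv6_mandatory are stubs that record the call instead of running ipfw.

```sh
#!/bin/sh
# Added sketch, not rc.firewall itself: dry-run of the proposed gating.
# Assumption: the built-in type names listed in is_builtin_type(); the
# comment only says "all the known types".

PLAN=""     # rule groups that would be loaded, in order

# Stand-ins for the real helpers: record the call, never touch ipfw.
setup_loopback()       { PLAN="${PLAN}loopback "; }
setup_ipv6_mandatory() { PLAN="${PLAN}ipv6_mandatory "; }

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# is_builtin_type NAME -> 0 when NAME is a built-in profile (any case)
is_builtin_type() {
    case "$(lower "$1")" in
    open|client|simple|closed|workstation|unknown) return 0 ;;
    *) return 1 ;;
    esac
}

# plan_ruleset TYPE -> prints what would be loaded for firewall_type=TYPE
plan_ruleset() {
    firewall_type=$1
    PLAN=""
    if is_builtin_type "${firewall_type}"; then
        # Default world: mandatory rules first, then the profile.
        setup_loopback
        setup_ipv6_mandatory
        PLAN="${PLAN}profile:$(lower "${firewall_type}")"
    elif [ -r "${firewall_type}" ]; then
        # User-supplied rule file: load it and nothing else.
        PLAN="${PLAN}file:${firewall_type}"
    else
        # Neither a profile nor a readable file: nothing to load.
        PLAN="${PLAN}none"
    fi
    printf '%s\n' "${PLAN}"
}

# Stand-alone use: print the plan for each firewall_type given as argument.
if [ $# -gt 0 ]; then
    for t in "$@"; do plan_ruleset "$t"; done
fi
```

Run with one or more firewall_type values as arguments to compare what a built-in profile and a custom rule file would load.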

