Subject: Re: admin script for ipfilter
To: Hubert Feyrer <hubert@feyrer.de>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-userlevel
Date: 12/29/2006 15:03:52
On Thu, Dec 28, 2006 at 12:56:45AM +0100, Hubert Feyrer wrote:
> >
> >The name of the game is to make the interface to using the scripts
> >something else so that you don't need to know the name of the script
> >or its location, just the name of the service.
> 
> So the point is to add a second interface to disable/enable services, 
> besides editing /etc/rc.conf, that keeps state in single files (as already 
> provided by the rc.subr framework) and that prevents users from knowing 
> directory/path data?

I think the very existence of the individual files is a mistake.  I am
aware that it makes it easier to programmatically manage the settings;
but gathering all the data into rc.conf was a major win for the current
system over what we had before, and spreading it back out makes things
more opaque and makes it harder for admins to see the state of the system
at a glance; that kinda sucks.

That said, if we are going to have rc.conf and the multiple files, we
*should* have a tool that can gather all the data and spit out a single
file with the entire settings that are currently in effect.  If the rcadmin
script can do it for one subsystem it can presumably do it for all with just
a little work, so I'd be glad to see it go into the tree.

Thor
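
A sketch of the kind of consolidation tool the message asks for, added here as an example; it is not part of the message and is not the rcadmin script. The function name `effective_rc`, the output format, and the file order in the usage comment are assumptions, and it only handles plain `name=value` lines.

```shell
#!/bin/sh
# effective_rc FILE...
# Print the settings in effect after reading the given rc files in order,
# one "name=value<TAB># from FILE" line per variable; a later file overrides
# an earlier one. Files are parsed, never sourced, so nothing in them runs.
# Assumption of this sketch: settings are plain name=value lines; shell
# logic (if/case, variable expansion) is skipped rather than evaluated.
effective_rc() {
    awk -v sq="'" '
        /^[ \t]*#/ || !/=/ { next }          # comments and non-assignments
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            name = line
            sub(/=.*/, "", name)
            if (name !~ /^[A-Za-z_][A-Za-z0-9_]*$/) next
            val = substr(line, length(name) + 2)
            q = substr(val, 1, 1)
            if (q == "\"" || q == sq) {      # quoted: keep text up to the closing quote
                val = substr(val, 2)
                i = index(val, q)
                if (i) val = substr(val, 1, i - 1)
            } else {
                sub(/[ \t].*$/, "", val)     # bare word: ends at first blank
            }
            value[name] = val                # last assignment wins
            origin[name] = FILENAME
        }
        END {
            for (n in value)
                printf "%s=%s\t# from %s\n", n, value[n], origin[n]
        }
    ' "$@" | LC_ALL=C sort
}

# Typical call on a NetBSD-style layout (paths are an assumption):
#   effective_rc /etc/defaults/rc.conf /etc/rc.conf /etc/rc.conf.d/*
```

The trailing comment on each line shows which file the effective value came from, which is what lets an admin see at a glance where a service was switched on.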