Be more explicit about one of IPFIREWALL's features.

svn path=/head/; revision=29737

sys/conf/NOTES

@@ -2,7 +2,7 @@
 # LINT -- config file for checking all the sources, tries to pull in
 #	as much of the source tree as it can.
 #
-#	$Id: LINT,v 1.367 1997/09/19 15:25:48 jmg Exp $
+#	$Id: LINT,v 1.368 1997/09/20 07:41:28 dyson Exp $
 #
 # NB: You probably don't want to try running a kernel built from this
 # file.  Instead, you should start from GENERIC, and add options from
@@ -368,6 +368,15 @@ pseudo-device	tun	1		#Tunnel driver(user process ppp)
 # conjunction with the `ipfw' program.  IPFIREWALL_VERBOSE sends
 # logged packets to the system logger.  IPFIREWALL_VERBOSE_LIMIT
 # limits the number of times a matching entry can be logged.
+<<<<<<< LINT
+#
+# WARNING:  IPFIREWALL defaults to a policy of "deny ip from any to any"
+# and if you do not add other rules during startup to allow access,
+# YOU WILL LOCK YOURSELF OUT.  It is suggested that you set firewall=open
+# in /etc/rc.conf when first enabling this feature, then refining the
+# firewall rules in /etc/rc.firewall after you've tested that the new kernel
+# feature works properly.
+=======
 # IPFIREWALL_DEFAULT_TO_ACCEPT causes the default rule (at boot) to
 # allow everything.  Use with care, if a cracker can crash your
 # firewall machine, they can get to your protected machines.  However,
@@ -375,6 +384,7 @@ pseudo-device	tun	1		#Tunnel driver(user process ppp)
 # they arise, then this may be for you.  Changing the default to 'allow'
 # means that you won't get stuck if the kernel and /sbin/ipfw binary get
 # out of sync.
+>>>>>>> 1.364
 #
 # IPDIVERT enables the divert IP sockets, used by ``ipfw divert''
 #

sys/i386/conf/LINT

@@ -2,7 +2,7 @@
 # LINT -- config file for checking all the sources, tries to pull in
 #	as much of the source tree as it can.
 #
-#	$Id: LINT,v 1.367 1997/09/19 15:25:48 jmg Exp $
+#	$Id: LINT,v 1.368 1997/09/20 07:41:28 dyson Exp $
 #
 # NB: You probably don't want to try running a kernel built from this
 # file.  Instead, you should start from GENERIC, and add options from
@@ -368,6 +368,15 @@ pseudo-device	tun	1		#Tunnel driver(user process ppp)
 # conjunction with the `ipfw' program.  IPFIREWALL_VERBOSE sends
 # logged packets to the system logger.  IPFIREWALL_VERBOSE_LIMIT
 # limits the number of times a matching entry can be logged.
+<<<<<<< LINT
+#
+# WARNING:  IPFIREWALL defaults to a policy of "deny ip from any to any"
+# and if you do not add other rules during startup to allow access,
+# YOU WILL LOCK YOURSELF OUT.  It is suggested that you set firewall=open
+# in /etc/rc.conf when first enabling this feature, then refining the
+# firewall rules in /etc/rc.firewall after you've tested that the new kernel
+# feature works properly.
+=======
 # IPFIREWALL_DEFAULT_TO_ACCEPT causes the default rule (at boot) to
 # allow everything.  Use with care, if a cracker can crash your
 # firewall machine, they can get to your protected machines.  However,
@@ -375,6 +384,7 @@ pseudo-device	tun	1		#Tunnel driver(user process ppp)
 # they arise, then this may be for you.  Changing the default to 'allow'
 # means that you won't get stuck if the kernel and /sbin/ipfw binary get
 # out of sync.
+>>>>>>> 1.364
 #
 # IPDIVERT enables the divert IP sockets, used by ``ipfw divert''
 #

sys/i386/conf/NOTES

@@ -2,7 +2,7 @@
 # LINT -- config file for checking all the sources, tries to pull in
 #	as much of the source tree as it can.
 #
-#	$Id: LINT,v 1.367 1997/09/19 15:25:48 jmg Exp $
+#	$Id: LINT,v 1.368 1997/09/20 07:41:28 dyson Exp $
 #
 # NB: You probably don't want to try running a kernel built from this
 # file.  Instead, you should start from GENERIC, and add options from
@@ -368,6 +368,15 @@ pseudo-device	tun	1		#Tunnel driver(user process ppp)
 # conjunction with the `ipfw' program.  IPFIREWALL_VERBOSE sends
 # logged packets to the system logger.  IPFIREWALL_VERBOSE_LIMIT
 # limits the number of times a matching entry can be logged.
+<<<<<<< LINT
+#
+# WARNING:  IPFIREWALL defaults to a policy of "deny ip from any to any"
+# and if you do not add other rules during startup to allow access,
+# YOU WILL LOCK YOURSELF OUT.  It is suggested that you set firewall=open
+# in /etc/rc.conf when first enabling this feature, then refining the
+# firewall rules in /etc/rc.firewall after you've tested that the new kernel
+# feature works properly.
+=======
 # IPFIREWALL_DEFAULT_TO_ACCEPT causes the default rule (at boot) to
 # allow everything.  Use with care, if a cracker can crash your
 # firewall machine, they can get to your protected machines.  However,
@@ -375,6 +384,7 @@ pseudo-device	tun	1		#Tunnel driver(user process ppp)
 # they arise, then this may be for you.  Changing the default to 'allow'
 # means that you won't get stuck if the kernel and /sbin/ipfw binary get
 # out of sync.
+>>>>>>> 1.364
 #
 # IPDIVERT enables the divert IP sockets, used by ``ipfw divert''
 #