Solved rc.firewall option "workstation" missing in manual / help of rc

man rc or
man rc.firewall

There in chapter rc.firewall is written:
The rc.firewall script is used to configure rules for the kernel based
firewall service. It has several possible options:

open will allow anyone in
client will try to protect just this machine
simple will try to protect a whole network
closed totally disables IP services except via lo0 interface
UNKNOWN disables the loading of firewall rules
filename will load the rules in the given filename (full path required).

But the option "workstation" is there not described. But this option I find in my /etc/rc.firewall file. And I use this option.
What is wrong? The help file missing the option? Or has this changed anytime in the file with a FreeBSD update?

extraction of /etc/rc.firewall
#Line 420
[Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn])
# Configuration:
# firewall_myservices: List of ports/protocols on which this
# host offers services.
# firewall_allowservices: List of IPv4 and/or IPv6 addresses
# that have access to
# $firewall_myservices.
# firewall_trusted: List of IPv4 and/or IPv6 addresses
# that have full access to this host.
# Be very careful when setting this.
# This option can seriously degrade
# the level of protection provided by
# the firewall.
# firewall_logdeny: Boolean (YES/NO) specifying if the
# default denied packets should be
# logged (in /var/log/security).
# firewall_nologports: List of TCP/UDP ports for which
# denied incoming packets are not
# logged.

# Allow packets for which a state has been built.
${fwcmd} add check-state
...
 
It's simply a case of the documentation not being up to date, not an issue, doing an update did not change this.

It's quite possible that when the workstartion was added, the commiter forgot to make sure the man page was updated.

I'd say it's more of a minor issue instead of a huge red flag.
 
What is wrong? The help file missing the option? Or has this changed anytime in the file with a FreeBSD update?
While man pages are a great resource (and most of them are really good), they're not always completely "in sync" with the actual command or configuration file. As far as I know that "workstation" option has been there for a long time, so I guess nobody got around to properly documenting the option in the man page yet.
 
Back
Top