Message-ID: <4023AD12.6070106@sitetronics.com>
Date: Fri, 06 Feb 2004 16:04:50 +0100
From: "Devon H. O'Dell"
To: "Gogh, Ruben van"
cc: "'freebsd-security@freebsd.org'"
Subject: Re: IPFIREWALL_DEFAULT_TO_ACCEPT becomes default to deny

Gogh, Ruben van wrote:
> Hey Guys,
>
> today I upgraded to 4.8-RELEASE-p15. As usual I set IPFIREWALL to default
> accept in my kernel config file.
> Config & make weren't complaining so, installed the kernel, reboot and there
> it was:
>
>>IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled
>
> Another rebuild didn't work out so... I reviewed /usr/src/UPDATING but
> there's no such thing as dropping IPFIREWALL_DEFAULT_TO_ACCEPT.
>
> So, is this a true bug or what?
>
> Regards,
>
> Ruben

I'm not sure what to make of this, as IPFIREWALL_DEFAULT_TO_ACCEPT works
fine for me in 4.8, 4.9, 5.1 and 5.2. Are you sure you compiled with the
correct kernel configuration (and installed as well)?

Additionally, you might like to look into setting firewall_enable="YES"
and firewall_type="open" in rc.conf.

Kind regards,

Devon H. O'Dell
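
One way to run the kernel-configuration check suggested in the reply, as an added example that is not part of the original thread: the script reads a kernel config file and reports which ipfw default policy it should build, ignoring commented-out options. The function names and the sample config are constructed for illustration, and it assumes one option per `options` line with `#` starting a comment.

```shell
#!/bin/sh
# Added example: predict the ipfw default policy a kernel config builds.
# Usage: sh check_ipfw.sh /path/to/KERNELCONFIG

# has_option FILE NAME: succeed if FILE has an active "options NAME" line.
# Comments are stripped first, so "#options NAME" does not count, and the
# name is matched exactly, so IPFIREWALL_VERBOSE does not match IPFIREWALL.
has_option() {
    sed 's/#.*//' "$1" | awk -v want="$2" '
        $1 == "options" {
            name = $2
            sub(/=.*/, "", name)      # drop "=value" from options NAME=value
            if (name == want) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# expected_default FILE: print the policy the boot banner should report.
expected_default() {
    if ! has_option "$1" IPFIREWALL; then
        echo "not-compiled-in"        # ipfw is not built into this kernel
    elif has_option "$1" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        echo "accept"
    else
        echo "deny"
    fi
}

# sample_config: constructed config where the accept option is commented out.
sample_config() {
    cat <<'EOF'
ident       SAMPLE
options     INET
options     IPFIREWALL              # enable ipfw
options     IPFIREWALL_VERBOSE
#options    IPFIREWALL_DEFAULT_TO_ACCEPT
EOF
}

# When a config path is given, report on it.
if [ -n "$1" ]; then
    expected_default "$1"
fi
```

If the result is "accept" but the boot message still says "default to deny", the kernel that booted was not built or installed from that config file.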