Date:      Mon, 10 Oct 2005 11:27:23 -0400
From:      Aaron Peterson <dopplecoder@gmail.com>
To:        "Brian E. Conklin" <bconklin@masongeneral.com>
Cc:        freebsd-questions@freebsd.org, Mark Cullen <mark.r.cullen@gmail.com>
Subject:   Re: Converting from IPFW to IPFILTER
Message-ID:  <45d750d20510100827s5500093cqac3ee9f636d4bc50@mail.gmail.com>
In-Reply-To: <CA513920FC73A14B964AB258D77EA8D6A4474D@mx1.masongeneral.com>
References:  <CA513920FC73A14B964AB258D77EA8D6A4474D@mx1.masongeneral.com>

On 10/10/05, Brian E. Conklin <bconklin@masongeneral.com> wrote:
>
> So I am assuming because IPFW is built into the kernel with a "default to
> deny" option, I will need an IPFW rule allowing everything? Or, can I change
> my rc.conf to have IPFIREWALL_ENABLE="NO"?
>

IPFW can be compiled static into the kernel, or it can be loaded as a
module.  My understanding is that when loading as a module, default
deny is your only option.  If you compile into the kernel with
"options IPFIREWALL_DEFAULT_TO_ACCEPT" then you get the obvious
results.  This is all in the handbook by the way:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html

Aaron


