Date:      Wed, 16 Dec 2015 16:58:00 +1100 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        bcs <bimmer@field.hu>
Cc:        freebsd-net@freebsd.org
Subject:   Re: arp response fails
Message-ID:  <20151216163819.H95820@sola.nimnet.asn.au>
In-Reply-To: <5670988B.5030905@field.hu>
References:  <5670988B.5030905@field.hu>

On Tue, 15 Dec 2015 23:47:39 +0100, bcs wrote:
[..]
 > I use ipfw but "ipfw -q -f flush" didn't solve the issue. Here are my
[..]
 > /boot/loader.conf:
 > ipfw_load="YES"
 > net.inet.ip.fw.default_to_accept=1

ipfw(8):

     Tunables can be set in loader(8) prompt, loader.conf(5) or kenv(1) before
     ipfw module gets loaded.

     net.inet.ip.fw.default_to_accept: 0
             Defines ipfw last rule behavior. This value overrides options
             IPFW_DEFAULT_TO_(ACCEPT|DENY) from kernel configuration file.

So set the tunable BEFORE loading ipfw.  Check with '# ipfw show | tail' 
or similar to see your rules are really what you expected .. flushing 
wouldn't help if it's still defaulting to deny.

You may find it a better idea using firewall_enable=YES in /etc/rc.conf, 
with firewall_type=OPEN when that's what you want.  You can then change 
your firewall_type on the fly without rebooting - e.g. with sysrc(8) - 
using 'service ipfw restart'.

cheers, Ian
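
The check suggested above, as an added example that is not part of the original message: a shell function that reads `ipfw show` output and reports whether the last rule (65535) accepts or denies. The helper name `default_rule_policy` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify ipfw's last rule (65535) from `ipfw show` output.
# default_rule_policy is a hypothetical helper name, not part of ipfw.

default_rule_policy() {
    # `ipfw show` columns: rule number, packets, bytes, action, rule body.
    # Rule 65535 is the built-in last rule that a flush cannot remove.
    awk '
        $1 == "65535" { action = $4 }
        END {
            if (action == "allow")     print "default-accept"
            else if (action == "deny") print "default-deny"
            else                       print "unknown"
        }'
}

# Constructed listing: tunable not in effect, last rule still denies.
SAMPLE_DENY='00100   12    1008 allow ip from any to any via lo0
00200    0       0 deny ip from any to 127.0.0.0/8
65535  431   38212 deny ip from any to any'

# Constructed listing: net.inet.ip.fw.default_to_accept=1 took effect.
SAMPLE_ACCEPT='00100   12    1008 allow ip from any to any via lo0
65535  431   38212 allow ip from any to any'

printf '%s\n' "$SAMPLE_DENY"   | default_rule_policy   # default-deny
printf '%s\n' "$SAMPLE_ACCEPT" | default_rule_policy   # default-accept
```

On the FreeBSD host itself, run `ipfw show | default_rule_policy` as root.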


