Date: Mon, 29 Jul 2013 12:30:59 +0100 From: Simon Dick <simond@irrelevant.org> To: Karl Pielorz <kpielorz_lst@tdx.co.uk> Cc: freebsd-hackers@freebsd.org Subject: Re: kldload ipfw, with IPFIREWALL_DEFAULT_TO_ACCEPT Message-ID: <CAPyG9gP7Yqm1mTj6Ruqavnnc6eZJf0EZrZyAjQSJbqYjAMQSRQ@mail.gmail.com> In-Reply-To: <AC5633093C6F6EB16C5C7DEF@Mail-PC.tdx.co.uk> References: <1D6BF13DFC536AFC94EC6D64@Mail-PC.tdx.co.uk> <51F64BCC.9000301@freebsd.org> <AC5633093C6F6EB16C5C7DEF@Mail-PC.tdx.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 29 July 2013 12:27, Karl Pielorz <kpielorz_lst@tdx.co.uk> wrote: > > > --On 29 July 2013 13:02 +0200 Stefan Esser <se@freebsd.org> wrote: > > I guess you were looking for: >> >> net.inet.ip.fw.default_to_**accept="1" >> >> which is a tunable to be set in /boot/loader.conf ... >> > > Very probably - but that's at boot time :( - Is there nothing I can do at > kldload time to have the initial kldload give me a 'allow ip from any to > any' rule as it loads? (thus not affecting traffic on the machine, or more > importantly the CARP interfaces)? > > My normal way is to run the kldload in screen and manually run an allow all right afterwards e.g. kldload ipfw && ipfw <blah>... :)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyG9gP7Yqm1mTj6Ruqavnnc6eZJf0EZrZyAjQSJbqYjAMQSRQ>