Date: Tue, 21 Oct 2003 12:38:59 -0700
From: Luigi Rizzo
To: Mikel King
cc: freebsd-net@freebsd.org
cc: atanu@ICSI.Berkeley.EDU
Subject: Re: Remote Boot

On Tue, Oct 21, 2003 at 03:07:32PM -0400, Mikel King wrote:
> Just curious would it be better to add a rule to allow 67 & 68 (tcp &
> udp) in from the dhcp server instead of leaving the box all open?
> Understand I've never attempted this booting a diskless, but it seems
> like something worth trying....

all this happens before you have a chance to install an ipfw
configuration so what you suggest cannot be done unless you hardwire
the rules in the kernel (which you can't, at the moment; not that it
couldn't be done, ipfw2 is quite flexible in this respect, but the
feature is not implemented now).

	cheers
	luigi

> Atanu Ghosh wrote:
>
> > From my notes when trying to get diskless booting working:
> >
> > We usually have the firewall and dummynet enabled in our configs. The
> > default is therefore not to allow any packets in or out. This stops
> > the DHCP packets leaving a diskless kernel. Override this default.
> >
> > options IPFIREWALL_DEFAULT_TO_ACCEPT
> >
> > Atanu.
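
Added example, not part of the thread or of FreeBSD's own scripts: with `IPFIREWALL_DEFAULT_TO_ACCEPT` the box only stays open until userland loads rules, so the restriction asked about above can be applied once the diskless client is up. The interface `fxp0`, the boot server address `192.0.2.1` (assumed to serve both DHCP and the NFS root, with no DHCP relay) and the rule numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example: close the firewall after a diskless boot on a kernel built
# with "options IPFIREWALL_DEFAULT_TO_ACCEPT" (default rule 65535 is
# "allow ip from any to any", so nothing is filtered until rules are loaded).
# Assumed values, not from the thread: interface fxp0, boot server 192.0.2.1.

# Print the ipfw commands in the order they must be applied.
# Allow rules come first: root is on NFS, so the deny rule must not be
# installed until the traffic that keeps the client alive is permitted.
diskless_rules() {
    ifc=$1
    srv=$2
    cat <<EOF
ipfw -q add 100 allow ip from any to any via lo0
ipfw -q add 200 allow udp from any 68 to any 67 out via $ifc
ipfw -q add 210 allow udp from $srv 67 to any 68 in via $ifc
ipfw -q add 300 allow ip from me to $srv out via $ifc
ipfw -q add 310 allow ip from $srv to me in via $ifc
ipfw -q add 65000 deny ip from any to any
EOF
}

# Review the output first, then apply it on the client, stopping at the
# first failed command so the deny rule is never added on its own:
#   diskless_rules fxp0 192.0.2.1 | sh -e
```

Rules 200 and 210 keep DHCP lease renewal working, and rules 300 and 310 trust the boot server for NFS, which is the price of a root filesystem mounted over the network.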