From: Roberto Nunnari
Date: Thu, 03 Feb 2005 21:02:21 +0100
To: Duane Winner
Cc: freebsd-security@freebsd.org
Subject: Re: need ipfw clarification

Hi Duane.

I had the same problem. With 5.2.1 I had working forward rules, and they were broken with 5.3. After some fiddling I managed to get them working again. Just add these to your kernel:

options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD

If you don't add them to your kernel, forwarding in ipfw will be disabled.

Ciao.

Duane Winner wrote:
> Hello,
>
> I noticed that after enabling firewall in my kernel (5.3-release), my
> dmesg now gives me this:
>
> ipfw2 initialized, divert disabled, rule-based forwarding disabled,
> default to accept, logging limited to 5 packets/entry by default
>
>
> On 5.2.1, I used to get this:
>
> ipfw2 initialized, divert disabled, rule-based forwarding enabled,
> default to accept, logging disabled
>
> In both cases, I am adding this to my KERNEL config:
>
> options IPFIREWALL
> options IPFIREWALL_DEFAULT_TO_ACCEPT
>
>
> It seems that the major difference between 5.2.1 and 5.3 is that now
> rule-based forwarding is disabled.
>
> Is this correct? And what exactly is rule-based forwarding? I'm guessing
> that it doesn't really apply to my situation, as in these cases, I am
> using IPFW to create a deny all inbound to my laptop when I'm on the
> road. But I just want to make sure.
>
> Thanks,
> DW

--
Roberto Nunnari -software engineer-
mailto:roberto.nunnari@supsi.ch
Scuola Universitaria Professionale della Svizzera Italiana
Dipartimento Tecnologie Innovative   http://www.dti.supsi.ch
SUPSI-DTI
Via Cantonale          tel: +41-91-6108561
6928 Manno             fax: +41-91-6108570
Switzerland
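
The following is an added example, not part of either message or of FreeBSD itself: a small sh script that parses the `ipfw2 initialized, ...` boot banner quoted in this thread and reports the settings worth reviewing. The function names and field keys are made up for this example, and the two sample banners are the wrapped dmesg excerpts from the thread joined onto one line each.

```shell
#!/bin/sh
# Banner lines from the two dmesg excerpts quoted in the thread (joined onto one line).
BANNER_521='ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to accept, logging disabled'
BANNER_53='ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to accept, logging limited to 5 packets/entry by default'

# ipfw_field BANNER KEY: print the value of one banner field.
# KEY is one of: divert, forwarding, default, logging (names chosen for this example).
ipfw_field() {
    banner=$1 key=$2
    case $banner in
        "ipfw2 initialized, "*) ;;
        *) return 1 ;;                      # not an ipfw2 banner
    esac
    rest=${banner#ipfw2 initialized, }
    while [ -n "$rest" ]; do
        field=${rest%%, *}                  # text up to the next ", "
        case $rest in
            *", "*) rest=${rest#*, } ;;     # drop the field just read
            *)      rest= ;;                # that was the last field
        esac
        case $key:$field in
            divert:"divert "*)                    echo "${field#divert }"; return 0 ;;
            forwarding:"rule-based forwarding "*) echo "${field#rule-based forwarding }"; return 0 ;;
            default:"default to "*)               echo "${field#default to }"; return 0 ;;
            logging:"logging "*)                  echo "${field#logging }"; return 0 ;;
        esac
    done
    return 1                                # field not present
}

# ipfw_audit BANNER: print one finding per line; always returns 0.
ipfw_audit() {
    fwd=$(ipfw_field "$1" forwarding) || { echo "ERROR: no ipfw2 banner found"; return 0; }
    pol=$(ipfw_field "$1" default) || pol=unknown
    log=$(ipfw_field "$1" logging) || log=unknown
    # 'fwd' rules only work when the kernel has options IPFIREWALL_FORWARD.
    [ "$fwd" = enabled ] || echo "forwarding=$fwd: 'fwd' rules need options IPFIREWALL_FORWARD"
    # IPFIREWALL_DEFAULT_TO_ACCEPT makes the final default rule pass traffic.
    [ "$pol" != accept ] || echo "default=accept: packets matching no rule are passed"
    [ "$log" != disabled ] || echo "logging=disabled: 'log' rules produce no log entries"
    return 0
}

# Demo on the two banners from the thread.
for b in "$BANNER_521" "$BANNER_53"; do
    ipfw_audit "$b"
    echo "--"
done
```

On a running system the banner can be taken from the output of `dmesg` and passed to `ipfw_audit` as a single argument.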