Date:      Tue, 18 Jun 2019 14:22:32 +0200
From:      Andreas Nilsson <andrnils@gmail.com>
To:        Robert Huff <roberthuff@rcn.com>
Cc:        "Ronald F. Guilmette" <rfg@tristatelogic.com>, FreeBSD Net <freebsd-net@freebsd.org>,  Mailinglists FreeBSD <freebsd-questions@freebsd.org>
Subject:   Re: Eliminating IPv6 (?)
Message-ID:  <CAPS9%2BStc5VpbEsho8OUdAe2AT=P6ukXfA4ZThTRZWNXtpZi3BA@mail.gmail.com>
In-Reply-To: <23816.53518.998090.665606@jerusalem.litteratus.org>
References:  <9AF5DF39-9B81-4270-B25C-D089C971E924@punkt.de> <19574.1560847186@segfault.tristatelogic.com> <23816.53518.998090.665606@jerusalem.litteratus.org>

On Tue, Jun 18, 2019 at 2:16 PM Robert Huff <roberthuff@rcn.com> wrote:

>
> Ronald F. Guilmette writes:
>
> >  >Instead of messing with the system provided file you could
> >  >create a new one with only your own desired rules and then set
> >  >this rc.conf variable:
> >  >
> >  >    firewall_script="/etc/rc.firewall"
> >
> >  Actually, no, that's not how one is supposed to enable one's own set
> >  of ipfw rules.  To do that, the Handbook (Sec. 30.4.1) says very clearly
> >  that one should do:
> >
> >      firewall_enable="YES"
> >      firewall_type="path-to-my-rules-file"
> >
> >  But I'm glad you brought it up.  The funny thing is that even that
> >  doesn't work properly nowadays *or* like it used to in the past.
>
>         If this is true - haven't checked personally - then it's a bug.
> (And a non-trivial one, the fact you're the first to report it
> notwithstanding.)
>         Can you please open a bug report?
>
>
>                         Respectfully,
>
>
>                                 Robert Huff
>

 The bug being that firewall_type is used to specify a type in the default
/etc/rc.firewall file and firewall_script should be used to provide the
path to one's own ipfw script, right?

I have no ipv6 rules in ipfw when configuring rc.conf as:

firewall_enable="YES"
firewall_script="/etc/ipfw.rules".

The man page for rc.conf states:
     firewall_script
                 (str) This variable specifies the full path to the firewall
                 script to run.  The default is /etc/rc.firewall.
     firewall_type
                 (str) Names the firewall type from the selection in
                 /etc/rc.firewall, or the file which contains the local
                 firewall ruleset.  Valid selections from /etc/rc.firewall
                 are:

                 open        unrestricted IP access
                 closed      all IP services disabled, except via "lo0"
                 client      basic protection for a workstation
                 simple      basic protection for a LAN.

                 If a filename is specified, the full path must be given.


Best regards
Andreas
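
An added example, not part of the original message or of FreeBSD's own scripts: a small sh function that reads an rc.conf-style file as text (without sourcing it) and reports which of the two mechanisms quoted from the man page above selects the ipfw ruleset. The function names, output labels and sample files are constructed for illustration, and the case-insensitive matching of values is an assumption.

```shell
#!/bin/sh
# Added example: names, labels and sample files are constructed.

# rc_get FILE NAME: print the last value assigned to NAME, quotes stripped.
# The file is parsed as text, never sourced, so auditing it runs no code.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# classify_fw_conf FILE: report how the ipfw ruleset would be selected.
classify_fw_conf() {
    fw_enable=$(rc_get "$1" firewall_enable)
    fw_script=$(rc_get "$1" firewall_script)
    fw_type=$(rc_get "$1" firewall_type)
    # Assumption: yes/true/on/1 in any case count as enabled.
    case $(lower "$fw_enable") in
        yes|true|on|1) ;;
        *) echo "disabled"; return 0 ;;
    esac
    # A non-default firewall_script is run instead of /etc/rc.firewall.
    if [ -n "$fw_script" ] && [ "$fw_script" != "/etc/rc.firewall" ]; then
        echo "custom-script:$fw_script"; return 0
    fi
    # Otherwise /etc/rc.firewall runs and interprets firewall_type.
    case $(lower "$fw_type") in
        open|closed|client|simple) echo "builtin:$fw_type" ;;
        /*) echo "ruleset-file:$fw_type" ;;
        "") echo "type-unset" ;;
        *)  echo "other:$fw_type" ;;   # not a listed type, not a full path
    esac
}

# Constructed sample inputs mirroring the two configurations in the thread.
demo() {
    d=$(mktemp -d)
    printf 'firewall_enable="YES"\nfirewall_type="/etc/ipfw.rules"\n' > "$d/a"
    printf 'firewall_enable="YES"\nfirewall_script="/etc/ipfw.rules"\n' > "$d/b"
    classify_fw_conf "$d/a"
    classify_fw_conf "$d/b"
    rm -rf "$d"
}
demo
```

A `ruleset-file:` result means the rules file is loaded by /etc/rc.firewall, while `custom-script:` means the named script is the only thing run.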


