Date:      Thu, 24 Jul 1997 03:40:02 -0700 (PDT)
From:      David Nugent <davidn@labs.usn.blaze.net.au>
To:        freebsd-bugs
Subject:   Re: kern/4141: ipfw default rule should be compile-time option 
Message-ID:  <199707241040.DAA21764@hub.freebsd.org>

The following reply was made to PR kern/4141; it has been noted by GNATS.

From: David Nugent <davidn@labs.usn.blaze.net.au>
To: hsu@mail.clinet.fi
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: kern/4141: ipfw default rule should be compile-time option 
Date: Thu, 24 Jul 1997 20:32:19 +1000

 >  ipfw default rule was changed to deny over a year ago.  This is the right
 >  thing in theory, but in practice it has been and still is a pain, causing
 >  a configuration mistake or kernel/ipfw command difference to always be fatal and
 >  requiring manual attendance.  Fine for pure firewalls and machines which
 ~
 >  This would be easy to fix by adding kernel compile option which would make
 >  ipfw default rule "allow" instead of "deny".  It would not harm anyone but
 >  would be a lifesaver for us.
 >  
 >  >How-To-Repeat:
 >  
 >  Replace a -stable kernel from a month ago (I think) and -stable kernel from
 >  yesterday sup reboot, in a machine which has rc.firewall as "open".  ipfw
 >  command fails when trying to set default rule to allow, so no networking.
 >  
 >  >Fix:
 >  	
 >  >Audit-Trail:
 >  >Unformatted:
 >  
 
 
 Since Joerg is on holidays, I'll make his standard reply to this sort
 of request:
 
 Your email seemed to be truncated at this point, as the patch adding
 this feature was missing. Could you please resend?  :-)
 
 Regards,
 David
 
 PS: Yes, I think this is worth doing too. This would allow a remote
 booted machine with an nfs-mounted root filesystem to run the firewall
 code as well.
 
 -- 
 David Nugent - Unique Computing Pty Ltd - Melbourne, Australia
 Voice +61-3-9791-9547  Data/BBS +61-3-9792-3507  3:632/348@fidonet
 davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/
 


