Date: Wed, 23 Apr 2003 13:58:08 -0700 (MST)
From: felix@rapidaxcess.com
To: Josh Paetzel <friar_josh@webwarrior.net>
Cc: questions@FreeBSD.org
Subject: Re: Firewall options
Message-ID: <200304232058.NAA00518@rs2.rapidaxcess.com>

Thanks guys. The fix was to 'make clean' and start over.

At 01:39 PM 4/23/03 -0500, you wrote:
>On Wed, Apr 23, 2003 at 12:29:46PM -0700, felix@rapidaxcess.com wrote:
>> To whom it may concern:
>> I am in the process of setting up my first firewalled machine, on the bench
>> thank God.
>> I have pored over the manual pages multiple times and am stuck here...
>>
>> I seem to have everything under control with rules set up to allow me in on
>> boot. Now I need to change the default rule (65535) to deny instead of accept.
>> I have removed the kernel config line: options IPFIREWALL_DEFAULT_TO_ACCEPT
>> recompiled and rebooted 2 times, still the default is accept.
>> I hate to hack by adding a rule 65000 to deny just for a work around, if
>> that would even work...
>> Suggestions?
>>
>> Thanks in advance! And keep up the great work, all of my servers run FreeBSD!
>>
>> Bryan Felix
>> felix@rapidaxcess.com
>>
>
>Well, adding that rule would work, but it would be a hack. Are you SURE you
>are booting the kernel you think you are? Try renaming the kernel with the
>IPFIREWALL_DEFAULT_TO_ALLOW option removed to a different name and see if
>that's the kernel you're actually booting after the rebuild process. I've
>seen two different 5.0 boxes in particular not boot the correct kernel after a
>rebuild in the last two weeks.
>
>Josh