Date: Mon, 15 Jun 2009 11:37:08 +0300 From: membrana <stopeme@gmail.com> To: subbsd <subbsd@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: enable IPFIREWALL_DEFAULT_TO_ACCEPT for GENERIC kernel Message-ID: <4A360834.2070503@gmail.com> In-Reply-To: <200906151144.34054.subbsd@gmail.com> References: <200906151144.34054.subbsd@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
subbsd wrote:
> Hello maillist,
>
> Whether there is a way for booting GENERIC kernel with
> ipfw_load="YES"
>
> and
>
> 65535 allow ip from any to any
>
> rules without recompile kernel with options IPFIREWALL_DEFAULT_TO_ACCEPT ?
>
> This is single options who force me customize my own kernel with freebsd-
> update.
>
> Thanks!
>
>
put ipfw_load="YES" in /boot/loader.conf - keep in mind default is deny
use firewall_enable="YES" and firewall_type="open" in /etc/rc.conf
Available values for firewall_type:
*
open -- pass all traffic.
*
client -- will protect only this machine.
*
simple -- protect the whole network.
*
closed -- entirely disables IP traffic except for the loopback
interface.
*
UNKNOWN -- disables the loading of firewall rules.
*
/filename/ -- absolute path of file containing firewall rules
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A360834.2070503>