From owner-freebsd-questions@FreeBSD.ORG Mon Jun 15 08:37:24 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DE9821065690 for ; Mon, 15 Jun 2009 08:37:24 +0000 (UTC) (envelope-from stopeme@gmail.com) Received: from mail-fx0-f206.google.com (mail-fx0-f206.google.com [209.85.220.206]) by mx1.freebsd.org (Postfix) with ESMTP id 6C6418FC19 for ; Mon, 15 Jun 2009 08:37:23 +0000 (UTC) (envelope-from stopeme@gmail.com) Received: by fxm2 with SMTP id 2so98642fxm.43 for ; Mon, 15 Jun 2009 01:37:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=63sSr3pOIfDRguNDHYU04F8sViZLEBnud2a/WfkT2bk=; b=DXtdSld/z8H4w5/bRstUFq/nPDA/RKIrZXud4T8nrcTA/vHy0eWG2PPEJiZ80h1LAc +rbHz2cgVthz7T7F7aZmoW4w6GW72z+v4eOHaAgecSzjJQFH2aUpWMWQ4r0Ep8RZfHZc th2emJi6f4SQeeD/hsOFj1CAswEkuTfDRd79c= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=oCICu9VmzA4usFi2xrrTeqwkKeIBQw5/68m65M4iLoqMKiAIg2xUc8IiPi7BOnZfoO L8azJXjhti7EouzqEr+hNQiKcbJV+Lq+oJDUc6pzYkogApYUjTt4/zgunnm4G9kf2Job stUUaT2O92tD+OwNOeHgiZaxVKjnHiIB7mHGE= Received: by 10.204.57.210 with SMTP id d18mr1380166bkh.13.1245055043123; Mon, 15 Jun 2009 01:37:23 -0700 (PDT) Received: from ?192.168.110.20? ([87.120.162.65]) by mx.google.com with ESMTPS id 26sm7248683fks.1.2009.06.15.01.37.20 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 15 Jun 2009 01:37:21 -0700 (PDT) Message-ID: <4A360834.2070503@gmail.com> Date: Mon, 15 Jun 2009 11:37:08 +0300 From: membrana User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: subbsd References: <200906151144.34054.subbsd@gmail.com> In-Reply-To: <200906151144.34054.subbsd@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: enable IPFIREWALL_DEFAULT_TO_ACCEPT for GENERIC kernel X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2009 08:37:25 -0000 subbsd wrote: > Hello maillist, > > Whether there is a way for booting GENERIC kernel with > ipfw_load="YES" > > and > > 65535 allow ip from any to any > > rules without recompile kernel with options IPFIREWALL_DEFAULT_TO_ACCEPT ? > > This is single options who force me customize my own kernel with freebsd- > update. > > Thanks! > > put ipfw_load="YES" in /boot/loader.conf - keep in mind default is deny use firewall_enable="YES" and firewall_type="open" in /etc/rc.conf Available values for firewall_type: * open -- pass all traffic. * client -- will protect only this machine. * simple -- protect the whole network. * closed -- entirely disables IP traffic except for the loopback interface. * UNKNOWN -- disables the loading of firewall rules. * /filename/ -- absolute path of file containing firewall rules