Date: Mon, 15 Jun 2009 12:47:38 +0400 From: subbsd <subbsd@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: enable IPFIREWALL_DEFAULT_TO_ACCEPT for GENERIC kernel Message-ID: <200906151247.39740.subbsd@gmail.com> In-Reply-To: <h1517r$3te$1@ger.gmane.org> References: <200906151144.34054.subbsd@gmail.com> <h1517r$3te$1@ger.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello On Monday 15 June 2009 12:39:08 Michael Powell wrote: > subbsd wrote: > > Hello maillist, > > > > Whether there is a way for booting GENERIC kernel with > > ipfw_load="YES" > > > > and > > > > 65535 allow ip from any to any > > > > rules without recompile kernel with options IPFIREWALL_DEFAULT_TO_ACCEPT > > ? > > > > This is single options who force me customize my own kernel with freebsd- > > update. > > In your /etc/rc.conf: > > firewall_enable="YES" # Set to YES to enable firewall functionality > > In addition to the above to activate include this below: > > firewall_type="open" > Thanks for answer. but its a little bit other than i needed. I've try for safe "ipfw flush" in remote machine, when FW no have any user rules . OPEN firewall type is not get 65535 rules for pass all traffic by default > IIRC that should do what you need. There is a list of the types and their > function commented in the /etc/rc.firewall script. > > -Mike > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906151247.39740.subbsd>