From owner-freebsd-questions@FreeBSD.ORG Mon Jun 15 08:47:43 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B878F106564A for ; Mon, 15 Jun 2009 08:47:43 +0000 (UTC) (envelope-from subbsd@gmail.com) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.152]) by mx1.freebsd.org (Postfix) with ESMTP id 40C558FC19 for ; Mon, 15 Jun 2009 08:47:42 +0000 (UTC) (envelope-from subbsd@gmail.com) Received: by fg-out-1718.google.com with SMTP id e12so332865fga.12 for ; Mon, 15 Jun 2009 01:47:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:date :user-agent:references:in-reply-to:disposition-notification-to :mime-version:content-type:content-transfer-encoding :content-disposition:message-id; bh=iyQGDpDnL15WeCrKYZasUVtSI/ktDqHMLTxjO4W+BLs=; b=QnKvJkaftD+Sx3BycTwLRSoV1H1bcVvdcTklFyBgsha8AHTLrPT6Q2Ua/tBndNEUDf OiIn+9uUj9Sc8+xSKJUMEqqYYxQT6IVVMPJoWQ3/PUg08rzF01nH9nUC0XAm1qo7GkN+ QEnilkuYWh891RzItT6IrroRlwMJLXm9C4Rms= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:references:in-reply-to :disposition-notification-to:mime-version:content-type :content-transfer-encoding:content-disposition:message-id; b=hjJxJyRUQi8oBm2Q1qsFtu9ZsUfmVd+mn8XU5SwJnN3Nhf9zYZMCsMV9haA0B0TRg5 +lh/njA9eaZIK4egJ3h8tIWmXltsZd19V2aVszWSKdCrvdWv20IlbmadbT9tCMAQItu9 ARRdVrV80QnQmt1E2f9wJldoSjUn26/Slksv4= Received: by 10.86.92.9 with SMTP id p9mr6476734fgb.15.1245055662188; Mon, 15 Jun 2009 01:47:42 -0700 (PDT) Received: from gizmo.nevosoft.local ([195.182.128.54]) by mx.google.com with ESMTPS id 4sm8462329fge.13.2009.06.15.01.47.41 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 15 Jun 2009 01:47:41 -0700 (PDT) From: subbsd To: freebsd-questions@freebsd.org Date: Mon, 15 Jun 2009 12:47:38 +0400 User-Agent: KMail/1.11.4 (FreeBSD/8.0-CURRENT; KDE/4.2.4; amd64; ; ) References: <200906151144.34054.subbsd@gmail.com> In-Reply-To: MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200906151247.39740.subbsd@gmail.com> Subject: Re: enable IPFIREWALL_DEFAULT_TO_ACCEPT for GENERIC kernel X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2009 08:47:44 -0000 Hello On Monday 15 June 2009 12:39:08 Michael Powell wrote: > subbsd wrote: > > Hello maillist, > > > > Whether there is a way for booting GENERIC kernel with > > ipfw_load="YES" > > > > and > > > > 65535 allow ip from any to any > > > > rules without recompile kernel with options IPFIREWALL_DEFAULT_TO_ACCEPT > > ? > > > > This is single options who force me customize my own kernel with freebsd- > > update. > > In your /etc/rc.conf: > > firewall_enable="YES" # Set to YES to enable firewall functionality > > In addition to the above to activate include this below: > > firewall_type="open" > Thanks for answer. but its a little bit other than i needed. I've try for safe "ipfw flush" in remote machine, when FW no have any user rules . OPEN firewall type is not get 65535 rules for pass all traffic by default > IIRC that should do what you need. There is a list of the types and their > function commented in the /etc/rc.firewall script. > > -Mike > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"