Date:      Mon, 15 Jun 2009 11:16:56 +0200
From:      "Paul B. Mahol" <onemda@gmail.com>
To:        subbsd <subbsd@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: enable IPFIREWALL_DEFAULT_TO_ACCEPT for GENERIC kernel
Message-ID:  <3a142e750906150216t3a841097w928b079e238530bc@mail.gmail.com>
In-Reply-To: <200906151251.36846.subbsd@gmail.com>
References:  <200906151144.34054.subbsd@gmail.com> <4A360834.2070503@gmail.com> <200906151251.36846.subbsd@gmail.com>

On 6/15/09, subbsd <subbsd@gmail.com> wrote:
> Hello
>
> On Monday 15 June 2009 12:37:08 membrana wrote:
>> subbsd wrote:
>> > Hello maillist,
>> >
>> > Is there a way to boot the GENERIC kernel with
>> > ipfw_load="YES"
>> >
>> > and
>> >
>> > 65535 allow ip from any to any
>> >
>> > rules without recompiling the kernel with options IPFIREWALL_DEFAULT_TO_ACCEPT?
>> >
>> > This is the single option that forces me to customize my own kernel with
>> > freebsd-update.
>> >
>> > Thanks!
>>
>> Put ipfw_load="YES" in /boot/loader.conf - keep in mind the default is deny
>>
> ...
> As I understand, there is no way to make it permit by default when ipfw.ko is loading,
> before running rc-/user-scripts (rc/rc.firewall...)? Thanks

Put "net.inet.ip.fw.default_to_accept=1" in /etc/sysctl.conf

I guess that rc.d/sysctl is run before rc.d/ipfw.
-- 
Paul
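
An added example, not part of the original message: a small POSIX shell audit that reports where the settings named in this thread are configured and what action rule 65535 currently has. The function names are hypothetical, and the script only reports what it finds; it does not decide which file takes effect at boot.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; file paths are arguments
# so the check can run against copies of the real files.

# conf_value FILE KEY: print the last value assigned to KEY in a
# loader.conf / sysctl.conf style file (comments and quotes stripped).
conf_value() {
    [ -r "$1" ] || return 0
    awk -v key="$2" '
        { sub(/#.*/, "") }                       # drop trailing comments
        {
            eq = index($0, "=")
            if (eq == 0) next                    # not an assignment
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)       # trim the key
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)     # trim value and its quotes
            if (k == key) val = v                # last assignment wins
        }
        END { if (val != "") print val }
    ' "$1"
}

# default_action: read `ipfw list` output on stdin and print the action
# of rule 65535, or "unknown" if that rule is not in the listing.
default_action() {
    awk '$1 == "65535" { act = $2 } END { print (act == "" ? "unknown" : act) }'
}

# audit LOADER_CONF SYSCTL_CONF: one summary line; `ipfw list` output on stdin.
audit() {
    load=$(conf_value "$1" ipfw_load)
    in_loader=$(conf_value "$1" net.inet.ip.fw.default_to_accept)
    in_sysctl=$(conf_value "$2" net.inet.ip.fw.default_to_accept)
    action=$(default_action)
    echo "ipfw_load=${load:-unset} loader.default_to_accept=${in_loader:-unset}" \
         "sysctl.default_to_accept=${in_sysctl:-unset} rule65535=$action"
}
```

On a live host it would be run as `ipfw list | audit /boot/loader.conf /etc/sysctl.conf`; a `rule65535=deny` result after boot means the accept default did not take effect.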


