Date: Mon, 15 Jun 2009 11:16:56 +0200
From: "Paul B. Mahol"
To: subbsd
Cc: freebsd-questions@freebsd.org
Subject: Re: enable IPFIREWALL_DEFAULT_TO_ACCEPT for GENERIC kernel
Message-ID: <3a142e750906150216t3a841097w928b079e238530bc@mail.gmail.com>
In-Reply-To: <200906151251.36846.subbsd@gmail.com>

On 6/15/09, subbsd wrote:
> Hello
>
> On Monday 15 June 2009 12:37:08 membrana wrote:
>> subbsd wrote:
>> > Hello maillist,
>> >
>> > Whether there is a way for booting GENERIC kernel with
>> > ipfw_load="YES"
>> >
>> > and
>> >
>> > 65535 allow ip from any to any
>> >
>> > rules without recompile kernel with options IPFIREWALL_DEFAULT_TO_ACCEPT
>> > ?
>> >
>> > This is single options who force me customize my own kernel with
>> > freebsd-update.
>> >
>> > Thanks!
>>
>> put ipfw_load="YES" in /boot/loader.conf - keep in mind default is deny
>>
> ...
> As I understand, no way for make permit by default when ipfw.ko is loading,
> before running rc-/user-scripts (rc/rc.firewall...) ? Thanks

put "net.inet.ip.fw.default_to_accept=1" in /etc/sysctl.conf

I guess that rc.d/sysctl is run before rc.d/ipfw

-- 
Paul