From: subbsd
To: freebsd-questions@freebsd.org
Date: Mon, 15 Jun 2009 14:13:19 +0400
Subject: Re: enable IPFIREWALL_DEFAULT_TO_ACCEPT for GENERIC kernel

On Monday 15 June 2009 13:16:56 Paul B. Mahol wrote:
> On 6/15/09, subbsd wrote:
> > Hello
> >
> > On Monday 15 June 2009 12:37:08 membrana wrote:
> >> subbsd wrote:
> >> > Hello maillist,
> >> >
> >> > Whether there is a way for booting GENERIC kernel with
> >> > ipfw_load="YES"
> >> >
> >> > and
> >> >
> >> > 65535 allow ip from any to any
> >> >
> >> > rules without recompile kernel with options
> >> > IPFIREWALL_DEFAULT_TO_ACCEPT ?
> >> >
> >> > This is single options who force me customize my own kernel with
> >> > freebsd-update.
> >> >
> >> > Thanks!
> >>
> >> put ipfw_load="YES" in /boot/loader.conf - keep in mind default is deny
> >
> > ...
> > As I understand, no way for make permit by default when ipfw.ko is
> > loading, before running rc-/user-scripts (rc/rc.firewall...) ? Thanks
>
> put "net.inet.ip.fw.default_to_accept=1" in /etc/sysctl.conf
>
> I guess that rc.d/sysctl is run before rc.d/ipfw

Perfect, that's what I need. OID net.inet.ip.fw.default_to_accept is
read-only for userland/sysctl. I change this value in /boot/loader.conf.

Thanks Paul!
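
An added example, not part of the thread: a POSIX sh check that reads copies of /boot/loader.conf and /etc/sysctl.conf and reports which default policy ipfw.ko gets at load time, flagging the OID when it sits in sysctl.conf, where the reply above found it to be read-only. It assumes a GENERIC kernel (default deny, as stated in the thread); the function names conf_value and ipfw_default_policy are hypothetical.

```shell
#!/bin/sh
# Added example: audit where net.inet.ip.fw.default_to_accept is configured.
# Paths are arguments so the check can run against copies of the files.

OID='net.inet.ip.fw.default_to_accept'

# Print the last value assigned to key $1 in file $2 (nothing if unset).
# Ignores comments, surrounding whitespace and double quotes.
conf_value() {
    [ -r "$2" ] || return 0
    awk -v key="$1" '
        { sub(/#.*/, "") }
        {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t"]/, "", v)
            if (k == key) last = v
        }
        END { if (last != "") print last }' "$2"
}

# $1 = loader.conf, $2 = sysctl.conf. Prints accept, deny or unknown on
# stdout; findings go to stderr. Assumes a GENERIC kernel (default deny).
ipfw_default_policy() {
    loader_val=$(conf_value "$OID" "$1")
    sysctl_val=$(conf_value "$OID" "$2")
    if [ -n "$sysctl_val" ]; then
        echo "warning: $OID in $2 is ignored (OID is read-only after boot)" >&2
    fi
    if [ "$(conf_value ipfw_load "$1")" != "YES" ]; then
        echo "note: ipfw_load is not YES in $1" >&2
    fi
    case "$loader_val" in
        1)    echo "note: rule 65535 allows all traffic until a ruleset is loaded" >&2
              echo accept ;;
        ''|0) echo deny ;;
        *)    echo unknown ;;   # value other than the 0/1 used in the thread
    esac
}

# Stand-alone use: sh thisfile /boot/loader.conf /etc/sysctl.conf
if [ $# -eq 2 ]; then
    ipfw_default_policy "$1" "$2"
fi
```

On a running host, `sysctl -n net.inet.ip.fw.default_to_accept` and `ipfw list 65535` show the value and the default rule actually in effect.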