Date: 10 May 2001 11:13:39 +0200
From: Dag-Erling Smorgrav <des@ofug.org>
To: nate@yogotech.com (Nate Williams)
Cc: Michael Sharp <msharp@medmail.com>, FreeBSD-security@FreeBSD.ORG
Subject: Re: Ip filtering with ipfw
Message-ID: <xzp3dadlg70.fsf@flood.ping.uio.no>
In-Reply-To: <15097.44134.876784.259823@nomad.yogotech.com>
References: <20010509160500.7232.cpmta@c000.sfo.cp.net> <15097.44134.876784.259823@nomad.yogotech.com>

Nate Williams <nate@yogotech.com> writes:
> This is the default 'open' setup, yes, and happens because you added the
> following (mentioned in another email).
>
> > SO, from /etc/rc.firewall I added IPFIREWALL_DEFAULT_TO_ACCEPT to my
> > kernel and recompiled.
>
> Otherwise, rule 65000 wouldn't have existed.

Wrong.  The ruleset above is from a machine that doesn't have
IPFIREWALL_DEFAULT_TO_ACCEPT, otherwise rule 65535 would be "allow ip
from any to any" instead of "deny ip from any to any".  Rule 65000 was
added by /etc/rc.firewall, which knows nothing about kernel options.

DES
--
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
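
The distinction drawn in the reply above, as an added example that is not part of the original thread: a small shell check that reads `ipfw list` output, infers the kernel default from rule 65535, and reports the first lower-numbered unconditional rule, such as the 65000 added by /etc/rc.firewall. The function name `classify_ipfw` and both sample rulesets are constructed for illustration; the thread's own ruleset is not reproduced on this page.

```shell
#!/bin/sh
# Added example. On a live host: ipfw list | classify_ipfw

# Constructed sample: kernel default is deny (rule 65535), but a script-added
# rule 65000 matches everything first, so the default deny is never reached.
SAMPLE_SCRIPT_OPEN='00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any'

# Constructed sample: kernel built with IPFIREWALL_DEFAULT_TO_ACCEPT, no rules loaded.
SAMPLE_KERNEL_OPEN='65535 allow ip from any to any'

# Reads `ipfw list` output on stdin and prints one line:
#   kernel_default=<accept|deny|unknown> first_catchall=<number:action|none>
classify_ipfw() {
    awk '
    {
        num = $1 + 0          # strips the zero padding ipfw prints
        action = $2
        body = ""
        for (i = 3; i <= NF; i++) {
            if (i > 3) body = body " "
            body = body $i
        }
        # Only unconditional rules matter here; "via lo0" etc. are skipped.
        if (body != "ip from any to any") next
        if (num == 65535) {
            # Rule 65535 is the kernel default and reflects the build option.
            if (action == "allow") kdef = "accept"
            else if (action == "deny") kdef = "deny"
        } else if (first == "") {
            # An earlier catch-all decides the packet before 65535 is consulted.
            first = num ":" action
        }
    }
    END {
        if (kdef == "") kdef = "unknown"
        if (first == "") first = "none"
        printf "kernel_default=%s first_catchall=%s\n", kdef, first
    }'
}

printf '%s\n' "$SAMPLE_SCRIPT_OPEN" | classify_ipfw
printf '%s\n' "$SAMPLE_KERNEL_OPEN" | classify_ipfw
```

A result of `kernel_default=deny first_catchall=65000:allow` means the host is open because of a loaded rule, not because of the kernel option, so flushing the ruleset would leave it denying everything.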