Date: Mon, 29 Jul 2013 17:04:40 +0300
From: Konstantin Belousov
To: Karl Pielorz
Cc: freebsd-hackers@freebsd.org
Subject: Re: kldload ipfw, with IPFIREWALL_DEFAULT_TO_ACCEPT

On Mon, Jul 29, 2013 at 12:27:40PM +0100, Karl Pielorz wrote:
>
>
> --On 29 July 2013 13:02 +0200 Stefan Esser wrote:
>
> > I guess you were looking for:
> >
> > net.inet.ip.fw.default_to_accept="1"
> >
> > which is a tunable to be set in /boot/loader.conf ...
>
> Very probably - but that's at boot time :( - Is there nothing I can do at
> kldload time to have the initial kldload give me an 'allow ip from any to
> any' rule as it loads? (thus not affecting traffic on the machine, or more
> importantly the CARP interfaces)?

kenv net.inet.ip.fw.default_to_accept=1
should have the same effect after the usermode is booted. Kenv must be set
before the module is loaded.
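
The ordering described in the reply above, as an added example that is not part of the original message: set the tunable with kenv, load ipfw, then confirm the module actually picked the value up. The function name and return codes are hypothetical; the read-back assumes the value is exposed as the sysctl of the same name once ipfw is loaded.

```shell
#!/bin/sh
# Added example, not from the thread. Function name and return codes are
# hypothetical. Loads ipfw with an accept-by-default final rule by setting
# the tunable in the kernel environment *before* the module is loaded.

TUNABLE=net.inet.ip.fw.default_to_accept

load_ipfw_default_accept() {
    # The tunable is read when the module initialises. If ipfw is already
    # loaded (or compiled in), setting kenv now has no effect.
    if kldstat -q -m ipfw; then
        echo "ipfw already present; ${TUNABLE} will not be re-read" >&2
        return 2
    fi

    # Set the kernel environment variable, then read it back.
    kenv -q "${TUNABLE}=1" >/dev/null || return 1
    [ "$(kenv -q "${TUNABLE}")" = "1" ] || return 1

    kldload ipfw || return 1

    # Assumption: the loaded module reports the value through the sysctl
    # of the same name. Anything other than 1 means default deny is live.
    if [ "$(sysctl -n "${TUNABLE}")" != "1" ]; then
        echo "ipfw loaded but the default rule is deny" >&2
        return 3
    fi
    return 0
}

# Run only when asked, so the file can also be sourced.
if [ "${1:-}" = "run" ]; then
    load_ipfw_default_accept && ipfw list 65535
fi
```

Run it as root with the argument "run"; on success the last command prints rule 65535 so the default action can be checked by eye.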