From: "Remko Lodder"
To: "Shaun T. Erickson"
Date: Fri, 27 Feb 2004 20:44:10 +0100
Subject: RE: Firewall enabling confusion.

kldstat is the program you are looking for (like lsmod).

It can indeed be that the module is loaded with its default settings {block all}.

Hope this solves your lsmod question; the rest I cannot help you with, since I don't understand ipfw :) {yet}

cheers

--
Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene
mrtg.grunn.org Dutch mirror of MRTG

-----Original message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On behalf of Shaun T. Erickson
Sent: Friday 27 February 2004 20:40
To: freebsd-questions@freebsd.org
Subject: Firewall enabling confusion.

I put 'firewall_enable="YES"' in /etc/rc.conf, in anticipation of rebuilding my kernel with the following options turned on:

    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=100

I rebooted, for unrelated reasons, and now see in the messages file that ipfw2 has been enabled and, indeed, since I have no rules in place, my system is cut off from the network.

I haven't yet rebuilt my kernel, so I don't understand why this kicked in. Did adding that line in rc.conf suck in a kernel module that obsoletes the need for those kernel options? How do I check (I'd do an lsmod, on Linux - don't know what the equivalent FreeBSD command is)? If it is a module, how do I enable logging, as adding 'firewall_logging="YES"' to /etc/rc.conf didn't turn it on, according to the messages file. Likewise for divert (though I don't currently need it).

    Feb 27 14:37:22 peter kernel: ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled

-ste
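
Added example, not part of either message: a POSIX sh script that reads the ipfw boot line quoted in the original post together with kldstat output, reports whether ipfw was loaded as a module, and flags the default-deny, logging-disabled state. The function names and the kldstat sample are constructed for illustration; the boot line is the one from the post.

```shell
#!/bin/sh
# Added example; sample inputs are embedded so the script runs offline.

# Boot message copied from the original post.
BOOT_LINE='Feb 27 14:37:22 peter kernel: ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled'

# Constructed kldstat output (columns: Id Refs Address Size Name).
KLDSTAT_OUT='Id Refs Address    Size     Name
 1    3 0xc0400000 5a1b2c   kernel
 2    1 0xc1a2b000 11000    ipfw.ko'

# ipfw_origin KLDSTAT_TEXT -> "module" when ipfw.ko is listed, else "no-module"
# ("no-module" means compiled into the kernel or not present at all).
ipfw_origin() {
    printf '%s\n' "$1" | awk '
        $NF == "ipfw.ko" { found = 1 }
        END { print (found ? "module" : "no-module") }'
}

# ipfw_setting LINE KEY -> the value that follows KEY in the init message,
# e.g. KEY "default to" -> "deny", KEY "logging" -> "disabled".
ipfw_setting() {
    printf '%s\n' "$1" |
        sed -n 's/^.*ipfw2 initialized, //p' |
        tr ',' '\n' |
        sed 's/^ *//' |
        awk -v key="$2" 'index($0, key " ") == 1 { print substr($0, length(key) + 2) }'
}

# ipfw_report LINE KLDSTAT_TEXT -> one summary line plus warnings.
ipfw_report() {
    policy=$(ipfw_setting "$1" "default to")
    logging=$(ipfw_setting "$1" "logging")
    origin=$(ipfw_origin "$2")
    echo "origin=$origin default=$policy logging=$logging"
    if [ "$policy" = "deny" ]; then
        echo "WARN: default deny; with an empty ruleset all traffic is dropped"
    fi
    if [ "$logging" = "disabled" ]; then
        # General FreeBSD knowledge, not from the thread: the run-time
        # logging switch is the sysctl net.inet.ip.fw.verbose.
        echo "WARN: denied packets are not logged"
    fi
}

ipfw_report "$BOOT_LINE" "$KLDSTAT_OUT"
# On a live FreeBSD host, feed it real data instead, for example:
#   ipfw_report "$(grep 'ipfw2 initialized' /var/log/messages | tail -n 1)" "$(kldstat)"
```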