From owner-freebsd-questions@freebsd.org Mon Jun 6 14:47:01 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 012FDB6DC34 for ; Mon, 6 Jun 2016 14:47:01 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-io0-x243.google.com (mail-io0-x243.google.com [IPv6:2607:f8b0:4001:c06::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BE55D1EDD for ; Mon, 6 Jun 2016 14:47:00 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-io0-x243.google.com with SMTP id 5so2562753ioy.0 for ; Mon, 06 Jun 2016 07:47:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=Jv0ZohbI2b/s/lPrZppwPtxyjDK8ANFO1pzKTpD13Gw=; b=Uy+p+Hq6w81qYwIKiDtfYGNS0bZgMs6S3VDgsq1c9Iub9lqzE9U3KxTobChwwBPx9l dVhmC6RjaZaBmVTAskx34Omkhg8uzoMtDlLLqM9aYo/k8/QktjuTObWJ6B7OEDMFeifF QaM+EOg4hjWH2uGq+BhdaFQQUxC7Pzh0Ig22DjaRX1KQADmOnXxjOKpXzN4TOPf4iy3Y ikLqdUdi+QM7mVxmZw2PljANDQtBW0UJOceeBbVbEfpbjZbiIBw+Ve5sJhE56DY1+zDz h2L105QdjnyvyQnQGPtSl6fR6gwzjSabpVjvvM4EyY2aBlUkgarIrf7/aZA+26UkA5Jf ZBWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=Jv0ZohbI2b/s/lPrZppwPtxyjDK8ANFO1pzKTpD13Gw=; b=h/tb0+1Wzc3Ir1xq6wIpoOI6DkPxTCF0njJkSHv1d8zWMG7vWx8wN4Mu7q/5xwFHzY R1GkZDlQSC0VH84QRP/ArDQRsi9sR+9i4mAJ57i95MSo9YNi2+y61/yb5a9QPRdGTJdc 3ZOmlU6Uz9Gb2km0VePBd8WygG1Pky98NR8IQm5NRDNkTFk98nS6l7Mh23rINJVdfl6o CwyETEZrxBNWuKGriQq/6CtQ/nYU9pxl7a0XNJEM17DC1ORWQ7shxqE88hkxRsaXqNP4 ecWUkbhr2qO3iGIOI2GliNC0zE6OXxkOOclkUpkcuziKEJ5VsyBogJW1Km9KBfwZsHBF 3KoQ== X-Gm-Message-State: ALyK8tIzT5XlAxZNp9p69ZReCV6wsd3piTEpeEFGyg7kijw3Dlq8ZRXrbrOfL/ZJGJpEeA== X-Received: by 10.107.38.10 with SMTP id m10mr25567909iom.7.1465224420204; Mon, 06 Jun 2016 07:47:00 -0700 (PDT) Received: from [10.0.10.3] (cpe-184-56-210-236.neo.res.rr.com. [184.56.210.236]) by smtp.googlemail.com with ESMTPSA id e7sm9320008iof.12.2016.06.06.07.46.59 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 06 Jun 2016 07:46:59 -0700 (PDT) Message-ID: <57558CE8.3020008@gmail.com> Date: Mon, 06 Jun 2016 10:47:04 -0400 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Levente CC: freebsd-questions Subject: Re: stop ipfilter References: <20160605134825.30e1d3d9@jive> <57546C60.7020301@gmail.com> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jun 2016 14:47:01 -0000 ipfilter has 2 parts, ipmon which runs in userland that is seen in the output of ps ax command. It can be stopped and started with the service command. The ipfilter firewall runs as part of the kernel. To stop the ipfilter kernel part, you have to remove the enable statement from rc.conf and reboot. Now on occasion I some times want to nullify all my custom rule processing just for debugging some application. In that case I add these rules before all other rules in the rule set. pass in quick on xl0 all pass out quick on xl0 all This causes all traffic to bypass all the rules followings them, in effect stopping your custom rule set from processing and allowing all traffic to pass through the firewall in both directions un-touched. Thats as close to stopping ipfilter as you can get with out removing the rc.conf enable statement and rebooting.