Date: Mon, 06 Jun 2016 10:47:04 -0400
From: Ernie Luzar <luzar722@gmail.com>
To: Levente <leventelist@gmail.com>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: stop ipfilter
Message-ID: <57558CE8.3020008@gmail.com>
In-Reply-To: <CACwWb3DzWRaSt4bFGFtiS3J4bv=b9oJhZWcsj4bHdrRdnz2gDQ@mail.gmail.com>
References: <20160605134825.30e1d3d9@jive> <57546C60.7020301@gmail.com> <CACwWb3DzWRaSt4bFGFtiS3J4bv=b9oJhZWcsj4bHdrRdnz2gDQ@mail.gmail.com>

ipfilter has 2 parts: ipmon, which runs in userland and is seen in the output of the ps ax command. It can be stopped and started with the service command. The ipfilter firewall runs as part of the kernel. To stop the ipfilter kernel part, you have to remove the enable statement from rc.conf and reboot.

Now on occasion I sometimes want to nullify all my custom rule processing just for debugging some application. In that case I add these rules before all other rules in the rule set.

    pass in quick on xl0 all
    pass out quick on xl0 all

This causes all traffic to bypass all the rules following them, in effect stopping your custom rule set from processing and allowing all traffic to pass through the firewall in both directions untouched. That's as close to stopping ipfilter as you can get without removing the rc.conf enable statement and rebooting.
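
Added example, not part of the original message: a simplified Python model of ipfilter rule evaluation (last matching rule wins unless the rule carries `quick`), showing what the two prepended rules do to a rule set. The sample rule set, the second interface `fxp0`, the default-pass policy and the tiny rule grammar are assumptions made for illustration.

```python
import re

# Simplified model (an assumption, not ipf's real parser): every packet is TCP,
# and only "all" or "proto tcp from any to any [port = N]" bodies are understood.
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)\s+(?P<quick>quick\s+)?"
    r"on\s+(?P<iface>\S+)\s+(?:all|proto\s+tcp\s+from\s+any\s+to\s+any"
    r"(?:\s+port\s*=\s*(?P<port>\d+))?)"
)

def parse(ruleset):
    """Turn rule text into a list of dicts, skipping blanks and # comments."""
    rules = []
    for line in ruleset.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append(m.groupdict())
    return rules

def decide(rules, direction, iface, port, default="pass"):
    """Last matching rule wins, except that a matching 'quick' rule stops evaluation."""
    verdict = default  # assumed default policy when nothing matches
    for r in rules:
        if r["dir"] != direction or r["iface"] != iface:
            continue
        if r["port"] is not None and int(r["port"]) != port:
            continue
        verdict = r["action"]
        if r["quick"]:
            break
    return verdict

# Constructed sample rule set; fxp0 is a hypothetical second interface.
CUSTOM = """
block in on xl0 all
pass in quick on xl0 proto tcp from any to any port = 22
block in on fxp0 all
pass out on xl0 all
"""
# The two rules from the message, placed before everything else.
BYPASS = "pass in quick on xl0 all\npass out quick on xl0 all\n"

if __name__ == "__main__":
    for name, text in (("custom", CUSTOM), ("bypass+custom", BYPASS + CUSTOM)):
        rules = parse(text)
        for iface, port in (("xl0", 80), ("xl0", 22), ("fxp0", 80)):
            print(name, iface, port, decide(rules, "in", iface, port))
```

In this model the bypass only covers `xl0`: traffic on any other interface still reaches the custom rules. While the two rules are loaded, `xl0` is unfiltered in both directions, so they should come out again once debugging is done.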