Date: Fri, 27 Feb 2004 23:10:44 +0200
From: Ion-Mihai Tetcu
To: "Shaun T. Erickson"
Cc: freebsd-questions@freebsd.org
Subject: Re: Firewall enabling confusion.
Message-Id: <20040227231044.180055fa@it.buh.cameradicommercio.ro>
In-Reply-To: <403FABE4.6050608@ste-land.com>

On Fri, 27 Feb 2004 15:43:16 -0500
"Shaun T. Erickson" wrote:

> Warren Block wrote:
>
> > On Fri, 27 Feb 2004, Shaun T. Erickson wrote:
> >
> >>Thanks! Yes, the ipfw.ko module is getting loaded. So now I just need to
> >>know how to enable things like divert and logging.
> >
> > /etc/rc.firewall has examples.
>
> I looked at that. That's not what I mean. :) I mean, if I do not have
> to build a new kernel to enable firewalling, logging and divert, then
> how do I enable them, such that the following line from my messages
> file would show that they have been enabled?
> Adding firewall_enable="YES" to rc.conf caused the ipfw module to be
> loaded, enabling firewalling. Adding firewall_logging="YES" did *not*
> enable logging in the message file line shown below. How do I do that?

hint: sysctl -a | grep ip.fw
for logging do:
sysctl -w net.inet.ip.fw.verbose=1
sysctl -w net.inet.ip.fw.verbose_limit=5

see also man ipfw, it will answer your questions.

> How would I get that line to show divert as being enabled? I may be
> wrong (correct me if I am, please), but doesn't that line have to show
> them as enabled, before I can successfully make use of them in ipfw
> commands like those you pointed me to in rc.firewall? What if I want
> that line to report that the default is open, instead of deny?

AFAIK recompile with IPFW_DEFAUL_TO_ACCEPT, but it would be a bad thing.

>
> Feb 27 14:37:22 peter kernel: ipfw2 initialized, divert disabled,
> rule-based forwarding enabled, default to deny, logging disabled
>
> -ste

--
IOnut
Unregistered ;) FreeBSD user
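
Added example (not part of the original message or of FreeBSD): a POSIX shell check that parses the kernel's ipfw initialisation line quoted in the thread and flags a default policy other than deny, or logging that was disabled at load. The function names are hypothetical; the first sample is the line from the message, the second is constructed and its wording for enabled logging is an assumption.

```shell
#!/bin/sh
# Audit the "ipfw2 initialized, ..." line that the kernel writes to the
# messages file when ipfw is loaded.

# ipfw_field LINE KEY: print the value that follows KEY in the
# comma-separated feature list, e.g. KEY "default to" -> "deny".
ipfw_field() {
    printf '%s\n' "$1" |
        sed -n 's/^.*ipfw2 initialized, //p' |
        tr ',' '\n' |
        sed -n "s/^ *$2 //p" |
        head -n 1
}

# ipfw_audit LINE: print findings.
# Returns 0 = nothing flagged, 1 = something flagged, 2 = not an ipfw line.
ipfw_audit() {
    case $1 in
        *"ipfw2 initialized, "*) ;;
        *) echo "no ipfw init line found"; return 2 ;;
    esac
    rc=0
    # A default other than deny passes any packet no rule matches.
    [ "$(ipfw_field "$1" "default to")" = "deny" ] ||
        { echo "WARN: default policy is not deny"; rc=1; }
    # The line reflects the state at load time; a later
    # "sysctl net.inet.ip.fw.verbose=1" does not rewrite it.
    [ "$(ipfw_field "$1" "logging")" != "disabled" ] ||
        { echo "WARN: logging disabled at load, check net.inet.ip.fw.verbose"; rc=1; }
    echo "INFO: divert $(ipfw_field "$1" "divert")"
    return $rc
}

# Line quoted in the message above (unwrapped onto one line).
PAGE_LINE='Feb 27 14:37:22 peter kernel: ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled'
# Constructed sample; the text after "logging" is an assumed wording.
OPEN_LINE='Feb 27 15:02:10 peter kernel: ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to accept, logging limited to 5 packets/entry by default'

ipfw_audit "$PAGE_LINE" || echo "status: $?"
ipfw_audit "$OPEN_LINE" || echo "status: $?"
```

On a live host the line can be fed in with something like ipfw_audit "$(grep 'ipfw2 initialized' /var/log/messages | tail -n 1)".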