From owner-freebsd-questions@FreeBSD.ORG  Fri Feb 27 13:23:57 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2D09816A4CE
	for <freebsd-questions@freebsd.org>;
	Fri, 27 Feb 2004 13:23:57 -0800 (PST)
Received: from rdsnet.ro (unknown [62.231.74.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2EAC543D39
	for <freebsd-questions@freebsd.org>;
	Fri, 27 Feb 2004 13:23:56 -0800 (PST)
	(envelope-from itetcu@apropo.ro)
Received: (qmail 26211 invoked from network); 27 Feb 2004 21:23:55 -0000
Received: from unknown (HELO it.buh.cameradicommercio.ro) (81.196.25.19)
  by mail.rdsnet.ro with SMTP; 27 Feb 2004 21:23:55 -0000
Received: from it.buh.cameradicommercio.ro (localhost.buh.cameradicommercio.ro
	[127.0.0.1])
	by it.buh.cameradicommercio.ro (Postfix) with SMTP id 763E41F8
	for <freebsd-questions@freebsd.org>;
	Fri, 27 Feb 2004 23:25:47 +0200 (EET)
Date: Fri, 27 Feb 2004 23:25:47 +0200
From: Ion-Mihai Tetcu <itetcu@apropo.ro>
To: freebsd-questions@freebsd.org
Message-Id: <20040227232547.1cc0bc3c@it.buh.cameradicommercio.ro>
In-Reply-To: <403FB332.7020200@ste-land.com>
References: <20040227194414.835572B4DA7@mail.evilcoder.org>
	<403F9F4B.6080608@ste-land.com>
	<20040227132231.P2868@wonkity.com>
	<403FABE4.6050608@ste-land.com>
	<20040227231044.180055fa@it.buh.cameradicommercio.ro>
	<403FB332.7020200@ste-land.com>
X-Mailer: Sylpheed version 0.9.9claws (GTK+ 1.2.10; i386-portbld-freebsd5.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: Firewall enabling confusion.
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Feb 2004 21:23:57 -0000

On Fri, 27 Feb 2004 16:14:26 -0500
"Shaun T. Erickson" <ste@ste-land.com> wrote:

> Ion-Mihai Tetcu wrote:
> 
> > hint:
> > sysctl -a | grep ip.fw 
> > for logging do:
> > sysctl -w net.inet.ip.fw.verbose: 1
> > sysctl -w net.inet.ip.fw.verbose_limit: 5
> 
> Ah.
> 
> > see also man ipfw, it will answer your questions.
> 
> I'm still wading through it - it's quite a long read. I'll finish before 
> asking anything else. ;)
> 
> > AFAIK recompile with IPFW_DEFAUL_TO_ACCEPT, but it would be a bad thing.
> 
> I don't disagree - I just wanted to know how. It helps me to understand 
> the system better. ;)

;) on ipfw2 you can suspend the last automatic deny all rule, see the man page.


-- 
IOnut
Unregistered ;) FreeBSD user