Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 29 Mar 2002 18:18:46 +0000
From:      Scott Mitchell <scott.mitchell@mail.com>
To:        Martyn Hill <sysadmin@st-james-snrgirls.w-london.sch.uk>
Cc:        G D McKee <freebsd@gdmckee.com>, FreeBSD-questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Cable-modem, dynamic IP, NAT and IPFW
Message-ID:  <20020329181846.C8371@fishballoon.dyndns.org>
In-Reply-To: <002601c1d672$9238db20$0a00000a@stjames.net>; from sysadmin@st-james-snrgirls.w-london.sch.uk on Thu, Mar 28, 2002 at 04:06:50PM -0000
References:  <0B0368CED76DD4118E1200D0B73E9B5D041E9F8D@MAIL1> <000a01c1d5b0$f282bfe0$0a00000a@stjames.net> <021101c1d5d3$6d6b9f70$c800a8c0@p1000> <002601c1d672$9238db20$0a00000a@stjames.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, Mar 28, 2002 at 04:06:50PM -0000, Martyn Hill wrote:
> Gordon
> 
> Thanks. The issue of daft firewall rules may be pertinent - however, I have (temporarily) switched off the firewall in
> /etc/rc.conf with
> 
>     firewall_enable="NO"
> 
> Is this sufficient to ensure that I'm testing the system without interference from a potentially dodgy set of rules?
> 
> Martyn Hill.

Possibly not (see the lengthy discussion on -stable about this a couple of
months back...)   You might be better off with:

firewall_enable="YES"
firewall_type="open"

That enables the firewall but configures it to just pass everything.
firewall_enable="NO" doesn't necessarily do what you expect when the
firewall is compiled into the kernel rather than loaded from a module --
the firewall will still be there but defaults to blocking all packets.

HTH,

	Scott

-- 
===========================================================================
Scott Mitchell          | PGP Key ID | "Eagles may soar, but weasels
Cambridge, England      | 0x54B171B9 |  don't get sucked into jet engines"
scott.mitchell@mail.com | 0xAA775B8B |      -- Anon

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020329181846.C8371>