Date:      Mon, 29 Jul 2013 11:45:26 +0100
From:      Karl Pielorz <kpielorz_lst@tdx.co.uk>
To:        freebsd-hackers@freebsd.org
Subject:   kldload ipfw, with IPFIREWALL_DEFAULT_TO_ACCEPT
Message-ID:  <1D6BF13DFC536AFC94EC6D64@Mail-PC.tdx.co.uk>


Hi,

I've got a number of 9.1 boxes, where we need to enable ipfw (by 
kldload'ing it).

I'm sure I saw a while ago a sysctl that would change the default ipfw 
config from 'deny all' to 'allow all' - even for a kldload? But I can't 
find it now.

The boxes have a number of CARP interfaces on them - and I don't want them 
getting blocked during the firewall load - as there's a chance they'll flip 
to MASTER etc. [as well as cutting everyone on, and going through the box 
off - even if only momentarily].

So if there's a sysctl for changing the default ipfw behaviour on loading, 
or some way of getting the ethernet interfaces to 'opt out' of ipfw (until 
I've added the 'allow all from any to any' rule) - that'd be great.

Thanks,

-Karl


