From owner-freebsd-current@FreeBSD.ORG Wed Feb 21 18:58:16 2007 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 286F1170D16 for ; Wed, 21 Feb 2007 18:58:16 +0000 (UTC) (envelope-from swhetzel@gmail.com) Received: from mu-out-0910.google.com (mu-out-0910.google.com [209.85.134.187]) by mx1.freebsd.org (Postfix) with ESMTP id B595713C4AA for ; Wed, 21 Feb 2007 18:58:15 +0000 (UTC) (envelope-from swhetzel@gmail.com) Received: by mu-out-0910.google.com with SMTP id g7so1121562muf for ; Wed, 21 Feb 2007 10:58:14 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=b33AZrrBEU0j4tazRKJarXU1jGpDOIIMf/BMFwyjGY2G/1hVs+ZMOMaW7OdSASJTaZszbTjHTP3bFfQ+IznXej7ckUGQsf/tdADuf+5ueR0IrE+4IFKg9tXHFI/QKbxqzF562doo8EEt9V0cpXj29NcsddnEEj1Oqs+wrMk90g4= Received: by 10.82.172.15 with SMTP id u15mr14233251bue.1172082665703; Wed, 21 Feb 2007 10:31:05 -0800 (PST) Received: by 10.82.186.2 with HTTP; Wed, 21 Feb 2007 10:31:05 -0800 (PST) Message-ID: <790a9fff0702211031r226ba0bdsfab2eab5f4748191@mail.gmail.com> Date: Wed, 21 Feb 2007 12:31:05 -0600 From: "Scot Hetzel" To: "Kevin Oberman" In-Reply-To: <20070221180450.2E55D45053@ptavv.es.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <45DC4633.6060204@freebsd.org> <20070221180450.2E55D45053@ptavv.es.net> Cc: current@freebsd.org, Eric Anderson Subject: Re: Unable to use network early in boot with recent -current X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2007 18:58:16 -0000 On 2/21/07, Kevin Oberman wrote: > > Firewall rules? > > Please ignore my prior message. I just tried and "ipfw list" shows the > single default deny rule, "65535 deny ip from any to any". I have no > idea why this is in effect at this early in the startup process...long > before the firewall rules are loaded. Guess I will stop loading ipfw at > boot time and let the startup file load it. > That is the default ipfw deny rule when ipfw is loaded, it is used to protect the system from intrusion by unauthorized persons, until you have your firewall rules loaded. You can add: option IPFIREWALL_DEFAULT_TO_ACCEPT to your kernel config file, which would open your system to the world until your firewall rules restrict what other systems can access on that server. Scot -- DISCLAIMER: No electrons were mamed while sending this message. Only slightly bruised.