Date: 19 Nov 1999 05:41:07 +0200 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: freebsd-security@freebsd.org Subject: Re: ipfw and ifconfig Message-ID: <86zowbywq4.fsf@localhost.hell.gr> In-Reply-To: Zahemszky Gabor's message of "Thu, 18 Nov 1999 12:12:00 %2B0100 (CET)" References: <199911181112.MAA00778@CoDe.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
Zahemszky Gabor <zgabor@CoDe.hu> writes: > Hi! > > Somebody asked, and I cannot answered: > > Why in FreeBSD, there is ifconfig _before_ ipfw? I think it is because the default setup of the kernel (that is if you don't enable the IPFIREWALL_DEFAULT_TO_ACCEPT option when building your kernel) will explicitly deny all packets with a rule of: 65535 deny ip from any to any Seems ok to me. On the other hand, if you change this to `allow' then you're probably accepting more things than you would like to, and it doesn't really matter if ifconfig is the first or the last thing in your rc-scripts anyway. -- Giorgos Keramidas, <keramida@ceid.upatras.gr> "What we have to learn to do, we learn by doing." [Aristotle] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86zowbywq4.fsf>