From owner-freebsd-stable Mon Jan 28 12:36:45 2002 Delivered-To: freebsd-stable@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id E95F537B404 for ; Mon, 28 Jan 2002 12:36:41 -0800 (PST) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 6C8DF4C; Mon, 28 Jan 2002 14:36:41 -0600 (CST) Received: (from nectar@localhost) by madman.nectar.cc (8.11.6/8.11.6) id g0SKafB43156; Mon, 28 Jan 2002 14:36:41 -0600 (CST) (envelope-from nectar) Date: Mon, 28 Jan 2002 14:36:40 -0600 From: "Jacques A. Vidrine" To: Chad David Cc: freebsd-stable@FreeBSD.ORG Subject: Re: firewall config (CTFM) Message-ID: <20020128203640.GB42996@madman.nectar.cc> Mail-Followup-To: "Jacques A. Vidrine" , Chad David , freebsd-stable@FreeBSD.ORG References: <20020128113806.O95859-100000@rockstar.stealthgeeks.net> <20020128132015.A66369@colnta.acns.ab.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020128132015.A66369@colnta.acns.ab.ca> User-Agent: Mutt/1.3.27i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Jan 28, 2002 at 01:20:15PM -0700, Chad David wrote: > One of the things I would recommend documenting very clearly is that > you DO NOT NEED TO COMPILE IPFW INTO THE KERNEL. Except if you want to default to deny, you must [1]. The rc system loads the firewall after configuring your interfaces. This may be a bug. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se [1] Well, I suppose you could load the ipfw module with the boot loader instead. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message