From owner-freebsd-doc  Thu Jan  2 11:20:56 2003
Delivered-To: freebsd-doc@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8002737B401
	for <doc@FreeBSD.ORG>; Thu,  2 Jan 2003 11:20:55 -0800 (PST)
Received: from rhadamanth.submonkey.net (pc1-cdif2-5-cust47.cdif.cable.ntl.com [81.101.150.47])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6935C43EC5
	for <doc@FreeBSD.ORG>; Thu,  2 Jan 2003 11:20:54 -0800 (PST)
	(envelope-from setantae@submonkey.net)
Received: from setantae by rhadamanth.submonkey.net with local (Exim 4.10)
	id 18UAta-000HM7-00; Thu, 02 Jan 2003 19:20:46 +0000
Date: Thu, 2 Jan 2003 19:20:45 +0000
From: Ceri Davies <setantae@submonkey.net>
To: Nick Rogness <nick@rogness.net>
Cc: Lucky Green <shamrock@cypherpunks.to>, l.rizzo@iet.unipi.it,
	doc@FreeBSD.ORG
Subject: Re: IPFW: suicidal defaults
Message-ID: <20030102192045.GB1145@submonkey.net>
Mail-Followup-To: Ceri Davies <setantae@submonkey.net>,
	Nick Rogness <nick@rogness.net>,
	Lucky Green <shamrock@cypherpunks.to>, l.rizzo@iet.unipi.it,
	doc@FreeBSD.ORG
References: <003101c2b28f$f2b0b690$6601a8c0@VAIO650> <20030102120754.P4054-100000@skywalker.rogness.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030102120754.P4054-100000@skywalker.rogness.net>
X-message-flag: All your linuxconf-configured redhat are belong to us.
X-message-flag-attribution: suresh, sdm.
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-doc.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-doc>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-doc>
X-Loop: FreeBSD.org

On Thu, Jan 02, 2003 at 12:12:38PM -0700, Nick Rogness wrote:
> 
> 	Ummm, unless things have changed, just recompiling the kernel with
> 	'options IPFIREWALL' won't enable your firewall.  You need the
> 	corresponding option in /etc/rc.conf :
> 
> 		firewall_enable="YES"

Nope - that tells it whether to load the ruleset (and ipfw.ko) or not.

If you've compiled ipfw as a module, then not having firewall_enable set to
YES is enough to not load the firewall, but if you've compiled it into your
kernel and don't load any rules, then you just get the default rule.

Ceri
-- 
By the forge of the clan!

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message