From: Chris Stankevitz
To: freebsd-questions@freebsd.org
Date: Thu, 10 Oct 2013 19:38:45 -0700
Subject: NATD: net.inet.ip.fw.default_to_accept="1" vs firewall_type="OPEN"

Hello,

Handbook section 31.9 describes the setup of NAT.

Section 31.9.3 suggests net.inet.ip.fw.default_to_accept="1" "during the first attempts to setup a firewall and NAT gateway".

Section 31.9.5 suggests I "specify a predefined firewall ruleset that allows anything in" with firewall_type="OPEN"

Question: What is the difference between these two configurations (or where can I go to learn the difference between the two)?

Thank you,

Chris