Date:      Thu, 2 Jan 2003 11:24:48 -0800
From:      "Lucky Green" <shamrock@cypherpunks.to>
To:        "'Nick Rogness'" <nick@rogness.net>
Cc:        <l.rizzo@iet.unipi.it>, <doc@FreeBSD.ORG>
Subject:   RE: IPFW: suicidal defaults
Message-ID:  <003901c2b294$9f341610$6601a8c0@VAIO650>
In-Reply-To: <20030102120754.P4054-100000@skywalker.rogness.net>

Nick wrote:
> 	Ummm, unless things have changed, just recompiling the kernel with
> 	'options IPFIREWALL' won't enable your firewall.  You need the
> 	corresponding option in /etc/rc.conf :
> 
> 		firewall_enable="YES"
> 
> 	If you recompiled your kernel with 'options IPFIREWALL' and didn't
> 	enable the above switch in /etc/rc.conf then your problem isn't
> 	the firewall blocking you.  Chances are your kernel won't load
> 	properly on the machine the way you compiled it.

I assure you that I didn't have firewall_enable="YES" set and yet the
firewall was turned on once my system came back from reboot. Stock 4.6.2
install, security branch cvsup. I am looking at rc.* this very moment.

If I had enabled the firewall in rc.conf, I would richly deserve
whatever punishment I got. :)

Once I finally got a hold of a guy on-site, his trying to use ping on the
server made it pretty obvious that that firewall was active. He added an
entry to rc.local that starts up the firewall with a more lenient rule
set, but I will look at /etc/defaults/rc.conf to figure out how IPFW is
supposed to be started up from rc.conf.

I swear that the firewall came up without any changes to rc.conf,
otherwise I wouldn't have emailed you folks in the first place...

--Lucky

