Delivered-To: freebsd-doc@freebsd.org
From: "Lucky Green"
To: "'Nick Rogness'"
Subject: RE: IPFW: suicidal defaults
Date: Thu, 2 Jan 2003 11:24:48 -0800

Nick wrote:

> Ummm, unless things have changed, just recompiling the kernel with
> 'options IPFIREWALL' won't enable your firewall. You need the
> corresponding option in /etc/rc.conf:
>
> firewall_enable="YES"
>
> If you recompiled your kernel with 'options IPFIREWALL' and didn't
> enable the above switch in /etc/rc.conf then your problem isn't
> the firewall blocking you. Chances are your kernel won't load
> properly on the machine the way you compiled it.

I assure you that I didn't have firewall_enable="YES" set and yet the firewall was turned on once my system came back from reboot.
Stock 4.6.2 install, security branch cvsup. I am looking at rc.* this very moment. If I had enabled the firewall in rc.conf, I would richly deserve whatever punishment I got. :)

Once I finally got a hold of a guy on-site, his trying to use ping on the server made it pretty obvious that that firewall was active. He added an entry to rc.local that starts up the firewall with a more lenient rule set, but I will look at /etc/defaults/rc.conf to figure out how IPFW is supposed to be started up from rc.conf.

I swear that the firewall came up without any changes to rc.conf, otherwise I wouldn't have emailed you folks in the first place...

--Lucky
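
A pre-reboot check for the situation reported in this message, added here as an example and not part of the original e-mail or of FreeBSD. It relies on documented ipfw behaviour: a kernel built with `options IPFIREWALL` filters with a final rule 65535 that denies everything unless `IPFIREWALL_DEFAULT_TO_ACCEPT` is also set, and `firewall_enable` only decides whether rc loads a rule set on top of that. The helper names and sample files are hypothetical and constructed.

```sh
#!/bin/sh
# Added example; ipfw_lockout_risk and has_option are hypothetical helpers.

# has_option KERNCONF NAME: true if an uncommented "options NAME" line exists.
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|#|\$)" "$1"
}

# ipfw_lockout_risk KERNCONF RCCONF: print a verdict; non-zero status on "lockout".
ipfw_lockout_risk() {
    if ! has_option "$1" IPFIREWALL; then
        echo "no-ipfw"; return 0          # ipfw is not compiled into this kernel
    fi
    if has_option "$1" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        echo "default-accept"; return 0   # rule 65535 becomes allow instead of deny
    fi
    # rc.conf is a sourced shell file, so the last assignment wins.
    last=$(grep -E '^[[:space:]]*firewall_enable=' "$2" | tail -n 1 | tr -d "\"'")
    case $last in
        *=[Yy][Ee][Ss]*)
            echo "rules-from-rc"; return 0 ;;  # rc loads rules; firewall_type decides what passes
    esac
    echo "lockout"; return 1              # only default rule 65535 (deny all) is in effect
}

# Constructed sample files (not taken from the thread).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/KERNEL_DENY" <<'EOF'
machine  i386
options  INET
options  IPFIREWALL          #firewall
options  IPFIREWALL_VERBOSE  #log matching packets
#options  IPFIREWALL_DEFAULT_TO_ACCEPT
EOF
sed 's/^#options/options/' "$SAMPLES/KERNEL_DENY" > "$SAMPLES/KERNEL_ACCEPT"
grep -v IPFIREWALL "$SAMPLES/KERNEL_DENY" > "$SAMPLES/KERNEL_PLAIN"
printf 'hostname="constructed.example.org"\nsshd_enable="YES"\n' > "$SAMPLES/rc.conf.stock"
printf 'firewall_enable="NO"\nfirewall_enable="YES"\nfirewall_type="open"\n' > "$SAMPLES/rc.conf.fw"

# Print the verdict for every kernel config / rc.conf combination.
for k in KERNEL_PLAIN KERNEL_ACCEPT KERNEL_DENY; do
    for r in rc.conf.stock rc.conf.fw; do
        printf '%-14s %-14s %s\n' "$k" "$r" "$(ipfw_lockout_risk "$SAMPLES/$k" "$SAMPLES/$r")"
    done
done
```

Run it against the real kernel configuration file and /etc/rc.conf before rebooting a machine that is only reachable over the network; a "rules-from-rc" verdict still requires reviewing the rule set that firewall_type selects.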