Date:      Thu, 02 Jan 2003 14:32:40 -0500 (EST)
From:      John Baldwin <jhb@FreeBSD.org>
To:        Lucky Green <shamrock@cypherpunks.to>
Cc:        doc@FreeBSD.ORG, l.rizzo@iet.unipi.it, Nick Rogness <nick@rogness.net>
Subject:   RE: IPFW: suicidal defaults
Message-ID:  <XFMail.20030102143240.jhb@FreeBSD.org>
In-Reply-To: <003901c2b294$9f341610$6601a8c0@VAIO650>


On 02-Jan-2003 Lucky Green wrote:
> Nick wrote:
>>      Ummm, unless things have changed, just recompiling the kernel with
>>      'options IPFIREWALL' won't enable your firewall.  You need the
>>      corresponding option in /etc/rc.conf :
>> 
>>              firewall_enable="YES"
>> 
>>      If you recompiled your kernel with 'options IPFIREWALL' and didn't
>>      enable the above switch in /etc/rc.conf then your problem isn't
>>      the firewall blocking you.  Chances are your kernel won't load
>>      properly on the machine the way you compiled it.
> 
> I assure you that I didn't have firewall_enable="YES" set and yet the
> firewall was turned on once my system came back from reboot. Stock 4.6.2
> install, security branch cvsup. I am looking at rc.* this very moment.
> 
> If I had enabled the firewall in rc.conf, I would richly deserve
> whatever punishment I got. :)
> 
> Once I finally got a hold of a guy on-site, his trying to use ping on the
> server made it pretty obvious that that firewall was active. He added an
> entry to rc.local that starts up the firewall with a more lenient rule
> set, but I will look at /etc/defaults/rc.conf to figure out how IPFW is
> supposed to be started up from rc.conf.
> 
> I swear that the firewall came up without any changes to rc.conf,
> otherwise I wouldn't have emailed you folks in the first place...

Use 'firewall_enable="YES"' and 'firewall_type="open"' in /etc/rc.conf
until you come up with a ruleset.  Either that or compile your kernel
with the option to default to allow when you compile the firewall in.

-- 

John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/
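
A pre-reboot check for the lockout discussed in this thread, as an added example that is not part of the original message or of FreeBSD's rc scripts. It assumes IPFIREWALL_DEFAULT_TO_ACCEPT is the kernel option the reply refers to; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: static check of a kernel config and rc.conf before rebooting.

# Return 0 if kernel config $1 has an uncommented "options $2" line.
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# Print the last value assigned to variable $2 in rc.conf-style file $1.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# ipfw_lockout_check KERNCONF RCCONF: prints a verdict, returns 1 on risk.
ipfw_lockout_check() {
    has_option "$1" IPFIREWALL || { echo "ok: ipfw not compiled in"; return 0; }
    if has_option "$1" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        echo "ok: compiled-in default rule is allow"; return 0
    fi
    case "$(rc_value "$2" firewall_enable)" in
        [Yy][Ee][Ss]) ;;
        *) echo "RISK: default-deny kernel, firewall_enable not YES"; return 1 ;;
    esac
    fw_type=$(rc_value "$2" firewall_type)
    # Assumption: with no firewall_type set, no usable rule set is loaded.
    [ -n "$fw_type" ] || { echo "RISK: firewall_type not set"; return 1; }
    echo "ok: rules loaded at boot, firewall_type=$fw_type"
}

# Constructed sample files (not taken from the thread).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'options\tINET\noptions\tIPFIREWALL\t#firewall\n' > "$demo/KERNEL"
printf '#options\tIPFIREWALL\n' > "$demo/KERNEL.nofw"
printf 'hostname="example"\n' > "$demo/rc.conf.stock"
printf 'firewall_enable="YES"\nfirewall_type="open"\n' > "$demo/rc.conf.open"

ipfw_lockout_check "$demo/KERNEL" "$demo/rc.conf.stock" || true
ipfw_lockout_check "$demo/KERNEL" "$demo/rc.conf.open"
ipfw_lockout_check "$demo/KERNEL.nofw" "$demo/rc.conf.stock"
```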
