From owner-freebsd-hackers@FreeBSD.ORG  Mon Jul 29 11:02:46 2013
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id AEBD6D8B
 for <freebsd-hackers@freebsd.org>; Mon, 29 Jul 2013 11:02:46 +0000 (UTC)
 (envelope-from se@freebsd.org)
Received: from nm5-vm0.bullet.mail.ird.yahoo.com
 (nm5-vm0.bullet.mail.ird.yahoo.com [77.238.189.207])
 by mx1.freebsd.org (Postfix) with SMTP id 0A48D2D30
 for <freebsd-hackers@freebsd.org>; Mon, 29 Jul 2013 11:02:45 +0000 (UTC)
Received: from [77.238.189.237] by nm5.bullet.mail.ird.yahoo.com with NNFMP;
 29 Jul 2013 11:02:39 -0000
Received: from [46.228.39.94] by tm18.bullet.mail.ird.yahoo.com with NNFMP;
 29 Jul 2013 11:02:39 -0000
Received: from [127.0.0.1] by smtp131.mail.ir2.yahoo.com with NNFMP;
 29 Jul 2013 11:02:39 -0000
X-Yahoo-Newman-Id: 93061.76163.bm@smtp131.mail.ir2.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: vvUxnK0VM1m8xM4l_SQFzpgNovnciYlXawMPk5bMRdOTcxe
 okdSXD7AEHOR2YWZZRWC6uYBdLLDE8vRBljddAXrXjnORBUac91jDIr2F_WI
 isPSC2f98T1W.ihv9ObdtuHITubFPID1EedgIaoGXKYUfG467KYyh.vdPDa4
 58ryefg0wumY8dBITcmYSRT7DDmnBsZ5a_BdrHUbo.IdMfpQXfz4vE6c5dWA
 IgYr1Lc1uF_w2V7FtkveIrUnv2Rbp745dwBkzNulg4ZKZkXNgsahMri1yxOO
 XL6.cKLNYbVeb2_2vBgFYoNuvJRD36sxAkvXZgvkPA4QU45h3bxJyoU9zofa
 F1Xr9u7mmwo6fxggFAxAjGP1mTBipILZ1bhx19hCyTycfKbdpbpRFEOuWNku
 fG7I8xrS_s4DVvKj5E_z0g8xQKvAEmCJ4r_jXyUpVwqrvTSNQeVYWxCGZdbJ
 AMpTKzfZ6sd2PvyenJ7W83REBNwFfZeSR.y.Fg7L195DKQDztVERT39s_XMN
 fd9Bn.JVl.JLl
X-Yahoo-SMTP: iDf2N9.swBDAhYEh7VHfpgq0lnq.
X-Rocket-Received: from [192.168.0.17] (se@85.199.71.72 with )
 by smtp131.mail.ir2.yahoo.com with SMTP; 29 Jul 2013 11:02:38 +0000 UTC
Message-ID: <51F64BCC.9000301@freebsd.org>
Date: Mon, 29 Jul 2013 13:02:36 +0200
From: Stefan Esser <se@freebsd.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: freebsd-hackers@freebsd.org, kpielorz_lst@tdx.co.uk
Subject: Re: kldload ipfw, with IPFIREWALL_DEFAULT_TO_ACCEPT
References: <1D6BF13DFC536AFC94EC6D64@Mail-PC.tdx.co.uk>
In-Reply-To: <1D6BF13DFC536AFC94EC6D64@Mail-PC.tdx.co.uk>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jul 2013 11:02:46 -0000

Am 29.07.2013 12:45, schrieb Karl Pielorz:
> I've got a number of 9.1 boxes, where we need to enable ipfw (by
> kldload'ing it).
> 
> I'm sure I saw a while ago a sysctl that would change the default ipfw
> config from 'deny all' to 'allow all' - even for a kldload? But I can't
> find it now.

I guess you were looking for:

	net.inet.ip.fw.default_to_accept="1"

which is a tunable to be set in /boot/loader.conf ...

Regards, STefan