From owner-freebsd-current Thu Oct 26 13:35:26 2000 Delivered-To: freebsd-current@freebsd.org Received: from gateway.symark.com (firewall.symark.westlake.iswest.net [207.178.203.34]) by hub.freebsd.org (Postfix) with ESMTP id 8D76E37B4C5 for ; Thu, 26 Oct 2000 13:35:23 -0700 (PDT) Received: (from mailer@localhost) by gateway.symark.com (8.9.3/8.9.3) id NAA31393; Thu, 26 Oct 2000 13:35:23 -0700 Received: from camel.symark.com(128.1.1.97) by gateway.symark.com via smap (V2.1+anti-relay+anti-spam) id xma031383; Thu, 26 Oct 00 13:34:56 -0700 Received: by localhost with Microsoft MAPI; Thu, 26 Oct 2000 13:36:42 -0700 Message-ID: <01C03F51.C66C48A0.ggross@symark.com> From: Glen Gross Reply-To: "ggross@symark.com" To: "'Bill Fumerola'" Cc: "'FreeBSD-Current'" Subject: RE: ipfw question. Date: Thu, 26 Oct 2000 13:36:40 -0700 Organization: Symark Software X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Thanks, I suppose I should have been able to figure that one out... if I could log in! I will fix it when I get home. :-) On Thursday, October 26, 2000 1:32 PM, Bill Fumerola [SMTP:billf@chimesnet.com] wrote: > On Thu, Oct 26, 2000 at 01:31:03PM -0700, Glen Gross wrote: > > > > I built a 4.1.1 kernel, and the module was built, but when I load the ipfw > > module with > > > > #kldload ipfw > > > > it defaults to a deny_all policy, even though I have default_to_accept in my > > > > kernel configuration. > > This makes it difficult to configure remotely without getting locked out of > > the > > system. > > Is there a way to cause the ipfw module to default to a different policy > > upon > > loading? > > For now it appears that I am locked out, until I can access the console. > > Your kernel configuration has ABSOLUTLY NOTHING to do with your module builds. > > > [hawk-billf] /usr/src > cat sys/modules/ipfw/Makefile > # $FreeBSD: src/sys/modules/ipfw/Makefile,v 1.13 2000/05/27 01:13:50 peter Exp > $ > > .PATH: ${.CURDIR}/../../netinet > KMOD= ipfw > SRCS= ip_fw.c > NOMAN= > CFLAGS+= -DIPFIREWALL > # > #If you want it verbose > #CFLAGS+= -DIPFIREWALL_VERBOSE > #CFLAGS+= -DIPFIREWALL_VERBOSE_LIMIT=100 > # > #If you want it to pass all packets by default > #CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT > # > > Guess what you should uncomment.... > > -- > Bill Fumerola - Network Architect, BOFH / Chimes, Inc. > billf@chimesnet.com / billf@FreeBSD.org > Glen M. Gross Unix Technical Support Specialist Symark Software 5716 Corsa Avenue, Suite 200 Westlake Village, CA 91362 http://www.symark.com unix-support@symark.com Main: 800-234-9072 or 818-865-6100 Main fax: 818-889-1894 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message