From: Gareth de Vaux
To: ipfw@freebsd.org
Date: Thu, 9 Sep 2010 15:17:33 +0200
Subject: phantom rules
Message-ID: <20100909131733.GA21535@lordcow.org>
List-Id: IPFW Technical Discussions

Hi all, for some reason these rules get loaded on boot up before the ones I
specify in a file:

00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to ::1
00500 0 0 deny ip from ::1 to any
00600 0 0 allow ipv6-icmp from :: to ff02::/16
00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 0 0 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136

I just flush this manually but how do I stop the behaviour properly?

My rc.conf entries:

firewall_enable="YES"
firewall_type="/usr/local/etc/firewall"
firewall_logging="YES"
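Rules 100 through 1000 in the listing above are the ones /etc/rc.firewall installs itself (its setup_loopback and setup_ipv6_mandatory functions) before it hands the file named in firewall_type to ipfw. The following is an added example, not code from the post or from the FreeBSD tree: a stand-alone firewall script selected with the rc.conf variable firewall_script, which /etc/rc.d/ipfw runs in place of /etc/rc.firewall, so the loopback and IPv6 neighbour-discovery rules are re-added on purpose and nothing else arrives unseen. The script path, the site policy rules, the FWCMD dry-run hook and the unexpected_rules() check are all constructed for this example; the check takes `ipfw list` output and reports rules this file did not install.

```shell
#!/bin/sh
# firewall.sh: run by /etc/rc.d/ipfw instead of /etc/rc.firewall when rc.conf says
#   firewall_enable="YES"
#   firewall_script="/usr/local/etc/firewall.sh"   # path is an assumption for this example
#   firewall_logging="YES"
# firewall_type is then unused (rc.d/ipfw still passes it as $1, which is ignored).
# Because /etc/rc.firewall never runs, its setup_loopback/setup_ipv6_mandatory
# rules no longer show up on their own; the ones worth keeping are re-added here.

# FWCMD=echo sh firewall.sh   prints the rules instead of installing them (dry run).
fwcmd="${FWCMD:-/sbin/ipfw -q}"

# Every rule in this file, one "add ..." line each, in installation order.
rules() {
    # Loopback hygiene, identical to what rc.firewall would have added.
    echo "add 100 allow ip from any to any via lo0"
    echo "add 200 deny ip from any to 127.0.0.0/8"
    echo "add 300 deny ip from 127.0.0.0/8 to any"
    echo "add 400 deny ip from any to ::1"
    echo "add 500 deny ip from ::1 to any"
    # IPv6 neighbour discovery; without these the v6 stack cannot resolve neighbours.
    echo "add 600 allow ipv6-icmp from :: to ff02::/16"
    echo "add 700 allow ipv6-icmp from fe80::/10 to fe80::/10"
    echo "add 800 allow ipv6-icmp from fe80::/10 to ff02::/16"
    echo "add 900 allow ipv6-icmp from any to any ip6 icmp6types 1"
    echo "add 1000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136"
    # Site policy (constructed sample): stateful outbound, SSH inbound, log the rest.
    echo "add 2000 check-state"
    echo "add 2100 allow tcp from me to any out setup keep-state"
    echo "add 2200 allow udp from me to any out keep-state"
    echo "add 2300 allow tcp from any to me 22 in setup keep-state"
    echo "add 2400 allow icmp from any to any icmptypes 0,3,8,11"
    echo "add 65000 deny log ip from any to any"
}

# Number of rules this file installs (handy for a before/after sanity check).
rule_count() { rules | wc -l | tr -d ' '; }

# Flush, as rc.firewall does at its start, then install our rules in order.
apply() {
    $fwcmd -f flush
    rules | while read -r line; do
        # shellcheck disable=SC2086  # word splitting into ipfw arguments is intended
        $fwcmd $line
    done
}

# Given the output of "ipfw list", print every rule (number and body) that this
# file did not install: a leftover from another script, or a rule added by hand.
unexpected_rules() {
    printf '%s\n' "$1" | sed -E 's/^0*([0-9]+) /\1 /' | while read -r num rest; do
        [ "$num" = 65535 ] && continue   # the kernel's built-in default rule
        rules | grep -q "^add $num " || echo "$num $rest"
    done
}

# Install only when executed as the script (as rc.d/ipfw does), not when sourced.
case "$0" in */firewall.sh|firewall.sh) apply ;; esac
```

On the running host the check is `unexpected_rules "$(ipfw list)"`; an empty result after a reboot confirms that only this file contributed rules. Reloading with `/etc/rc.d/ipfw restart` flushes the list first, so on a box whose kernel default is deny, test the new script locally (or with the FWCMD=echo dry run) before relying on it over SSH.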