Date:      Sun, 09 Dec 2018 14:21:51 -0800
From:      Carl Johnson <carlj@peak.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: Change IPFW default to allow
Message-ID:  <865zw2pchs.fsf@elm.localnet>
In-Reply-To: <5C0D65CB.8080602@gmail.com> (Ernie Luzar's message of "Sun, 09 Dec 2018 13:58:19 -0500")
References:  <5C0D594C.2060407@gmail.com> <CAHu1Y72W=vb-Xanbs7SptL97W5TJns3CASFHsP4y6PLGTKojvQ@mail.gmail.com> <5C0D65CB.8080602@gmail.com>


Ernie Luzar <luzar722@gmail.com> writes:

> Michael Sierchio wrote:
>> sysctl net.inet.ip.fw.default_to_accept=1
>>
>> On Sun, Dec 9, 2018 at 10:08 AM Ernie Luzar <luzar722@gmail.com> wrote:
>>
>>> Is there a sysctl nib to reset the ipfw default from deny all to allow
>>> all? Something that works without rebooting the system.
>
>
>  sysctl net.inet.ip.fw.default_to_accept=1 doesn't work.
> unknown oid
>
> I believe that has to go in loader.conf and reboot the system to enable.
>
> My problem is with ipf on host and ipfw in a vnet jail. Once kldload
> for ipfw is completed it now impacts the host by blocking all traffic
> before host ipf firewall gets the traffic. Putting pass all rules in
> vnet jail ipfw only affects the vnet jail not the host.

The ipfw manpage mentions that it can be modified by kenv, but only if
the ipfw module is reloaded.  I don't know if that is acceptable to you,
but I also haven't tried it since I don't use ipfw.
-- 
Carl Johnson		carlj@peak.org



