Date: Thu, 09 Sep 2010 08:28:39 -0700
From: Julian Elischer <julian@elischer.org>
To: Gareth de Vaux <bsd@lordcow.org>
Cc: ipfw@freebsd.org
Subject: Re: phantom rules
Message-ID: <4C88FD27.2060901@elischer.org>
In-Reply-To: <20100909131733.GA21535@lordcow.org>
References: <20100909131733.GA21535@lordcow.org>

On 9/9/10 6:17 AM, Gareth de Vaux wrote:
> Hi all, for some reason these rules get loaded on boot up before the
> ones I specify in a file:
>
> 00100 0 0 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 00400 0 0 deny ip from any to ::1
> 00500 0 0 deny ip from ::1 to any
> 00600 0 0 allow ipv6-icmp from :: to ff02::/16
> 00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
> 00800 0 0 allow ipv6-icmp from fe80::/10 to ff02::/16
> 00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
> 01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
>
> I just flush this manually but how do I stop the behaviour properly?
>
> My rc.conf entries:
>
> firewall_enable="YES"
> firewall_type="/usr/local/etc/firewall"

I think this is supposed to be one of the types supported in
/etc/rc.firewall. haven't actually looked at it for a while though.

> firewall_logging="YES"
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"