Date: Sun, 09 Dec 2018 18:22:42 -0500
From: Ernie Luzar <luzar722@gmail.com>
To: Carl Johnson <carlj@peak.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Change IPFW default to allow
Message-ID: <5C0DA3C2.70508@gmail.com>
In-Reply-To: <865zw2pchs.fsf@elm.localnet>
References: <5C0D594C.2060407@gmail.com> <CAHu1Y72W=vb-Xanbs7SptL97W5TJns3CASFHsP4y6PLGTKojvQ@mail.gmail.com> <5C0D65CB.8080602@gmail.com> <865zw2pchs.fsf@elm.localnet>
Carl Johnson wrote:
> Ernie Luzar <luzar722@gmail.com> writes:
>
>> Michael Sierchio wrote:
>>> sysctl net.inet.ip.fw.default_to_accept=1
>>>
>>> On Sun, Dec 9, 2018 at 10:08 AM Ernie Luzar <luzar722@gmail.com> wrote:
>>>
>>>> Is there a sysctl nib to reset the ipfw default from deny all to allow
>>>> all? Something that works without rebooting the system.
>>
>> sysctl net.inet.ip.fw.default_to_accept=1 doesn't work.
>> unknown oid
>>
>> I believe that has to go in loader.conf and reboot the system to enable.
>>
>> My problem is with ipf on host and ipfw in a vnet jail. Once kldload
>> for ipfw is completed it now impacts the host by blocking all traffic
>> before host ipf firewall gets the traffic. Putting pass all rules in
>> vnet jail ipfw only affects the vnet jail not the host.
>
> The ipfw manpage mentions that it can be modified by kenv, but only if
> the ipfw module is reloaded. I don't know if that is acceptable to you,
> but I also haven't tried it since I don't use ipfw.

Yep that worked for me

kenv -u net.inet.ip.fw.default_to_accept=1

Thanks to all who replied.
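The procedure this thread arrives at (set the tunable with kenv, reload the ipfw module, then confirm which default rule is in effect), written out as an added example that is not part of the original messages. It assumes FreeBSD with ipfw built as a loadable module; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes FreeBSD with ipfw as a loadable
# module (ipfw.ko); function names are hypothetical. Run as root.

TUNABLE=net.inet.ip.fw.default_to_accept

# Read `ipfw list` output on stdin; print the action of the default rule
# (always number 65535): "allow", "deny", or "unknown" if no such line.
default_rule_action() {
    awk '$1 == "65535" { a = $2 } END { print (a == "" ? "unknown" : a) }'
}

# Set the tunable in the kernel environment, reload the module so it is
# read at load time, then report the default rule now in effect.
reload_ipfw_default_accept() {
    kenv "${TUNABLE}=1" >/dev/null || return 1
    if kldstat -q -n ipfw.ko; then
        kldunload ipfw || return 1    # rules loaded in the module are lost
    fi
    kldload ipfw || return 1
    ipfw list | default_rule_action
}

# To keep the setting across reboots, /boot/loader.conf takes the line:
#   net.inet.ip.fw.default_to_accept="1"

# Touch the system only when called as: sh ipfw-default.sh apply
if [ "${1:-}" = "apply" ]; then
    action=$(reload_ipfw_default_accept) || exit 1
    echo "default rule 65535: ${action}"
    [ "${action}" = "allow" ] || exit 1
fi
```

With the default rule set to allow, any filtering on that host depends entirely on the explicit rules loaded afterwards, so the final check on rule 65535 is worth keeping in whatever form the procedure is run.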