Date:      Sat, 30 Apr 2005 10:56:29 -0400
From:      "Michael Scheidell" <scheidell@secnap.net>
To:        "Siddhartha Jain" <sid@netmagicsolutions.com>, <freebsd-security@freebsd.org>
Subject:   RE: IPFW disconnections and resets
Message-ID:  <B3BCAF4246A8A84983A80DAB50FE72423D1D52@secnap2.secnap.com>



> -----Original Message-----
> From: owner-freebsd-security@freebsd.org 
> [mailto:owner-freebsd-security@freebsd.org] On Behalf Of 
> Siddhartha Jain
> Sent: Friday, April 29, 2005 8:21 AM
> To: freebsd-security@freebsd.org
> Subject: Re: IPFW disconnections and resets
> 
> Just out of curiosity, why is that IPFW behaves this way and 
> PF and IPF don't?
> 
> - Siddhartha

I think if you recompile the kernel with:

options         IPFIREWALL_DEFAULT_TO_ACCEPT

(default is to deny)

then it will work like pf and ipf.

Think about it: if the default is to deny, and you just flushed all the
rules, it did exactly what you told it to do: deny all connections by
default.

This also may explain the one that gets dropped 1% of the time.
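
Added example, not part of the original message: a pre-flight check that reads `ipfw list` output and reports what a flush would leave in force, based on the built-in default rule 65535. The function names and the sample rule listings are constructed for illustration; the listing format (`65535 deny ip from any to any`) is assumed to match what `ipfw list` prints.

```shell
#!/bin/sh
# Added example: decide what a bare `ipfw -f flush` leaves behind.
# Assumption: `ipfw list` shows the built-in default rule as number 65535,
# with action "deny" normally, or "allow" on a kernel built with
# options IPFIREWALL_DEFAULT_TO_ACCEPT.

# Constructed sample listings so the script runs offline.
SAMPLE_DENY='00100 allow ip from any to any via lo0
00200 allow tcp from any to me dst-port 22 setup keep-state
65535 deny ip from any to any'
SAMPLE_ACCEPT='00100 allow ip from any to any via lo0
65535 allow ip from any to any'

# Print the action of rule 65535 from a listing on stdin ("unknown" if absent).
default_policy() {
    awk '$1 == "65535" { print $2; found = 1 }
         END { if (!found) print "unknown" }'
}

# Print "blocked" if a flush leaves only a default deny, "open" if it leaves
# a default allow, "unknown" if the default rule could not be read.
flush_verdict() {
    case "$(default_policy)" in
        allow|accept|pass|permit) echo "open" ;;
        deny|drop)                echo "blocked" ;;
        *)                        echo "unknown" ;;
    esac
}

# Count the rules a flush removes (everything except the default rule).
rules_lost_on_flush() {
    awk '$1 ~ /^[0-9]+$/ && $1 != "65535" { n++ } END { print n + 0 }'
}

# Demo on the constructed listings. On a live host, pipe `ipfw list` instead.
printf 'default-deny kernel after flush:   %s\n' \
    "$(printf '%s\n' "$SAMPLE_DENY" | flush_verdict)"
printf 'default-accept kernel after flush: %s\n' \
    "$(printf '%s\n' "$SAMPLE_ACCEPT" | flush_verdict)"
```

A "blocked" verdict means every packet arriving between the flush and the reload of the rules hits the default deny, which matches the disconnections discussed in this thread.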

