Date:      Mon, 18 May 2009 14:13:49 +0200
From:      Marius Nünnerich <marius@nuenneri.ch>
To:        Sebastian Mellmann <sebastian.mellmann@net.t-labs.tu-berlin.de>
Cc:        freebsd-net@freebsd.org
Subject:   Re: ipfw firewall_type 'OPEN'
Message-ID:  <b649e5e0905180513sef7a15bl9eab27128221c12e@mail.gmail.com>
In-Reply-To: <1242648290.31782.9.camel@python.net.t-labs.tu-berlin.de>
References:  <1242648290.31782.9.camel@python.net.t-labs.tu-berlin.de>

On Mon, May 18, 2009 at 14:04, Sebastian Mellmann
<sebastian.mellmann@net.t-labs.tu-berlin.de> wrote:
> Hi everyone!
>
> I've set the following parameters in rc.conf:
>
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> firewall_logging="YES"
>
> When I took a look at the ruleset I see:
>
> 00010 allow ip from any to any via lo0
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
>
> The problem is, if I execute my own ipfw script and flush the rules via
> 'ipfw -q -f flush'
> and
> 'ipfw -q -f pipe flush'
> I'm losing my ssh connection to that machine.
> Is there any chance to remove the rule 65535 or change it to allow
> instead of deny?
>
> I've got another FreeBSD machine here (7.0) where the default setting is
> '65535 allow ip from any to any', when using firewall_type OPEN.
> Both rc.conf files are the same!
>

There is a kernel option to do that, see ipfw(4).
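
The failure described in the thread can be caught before the flush. The following is an added example, not part of the original messages or of FreeBSD itself: a pre-flight check that reads plain `ipfw list` output and reports whether rule 65535 alone would still pass traffic. The function names and the sample rulesets are assumptions constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check before 'ipfw -q -f flush'. A flush removes every rule
# except the built-in default rule 65535, so that rule alone decides
# whether an SSH session survives until the new rules are loaded.
# Expects plain 'ipfw list' output (no -a/-t counter columns) on stdin.

# Print the action of rule 65535; exit status 1 if the rule is not found.
default_rule_action() {
    awk '$1 == "65535" { print $2; found = 1 } END { exit (found ? 0 : 1) }'
}

# Return 0 if the default rule passes traffic, 1 if it blocks traffic or
# could not be determined (fail closed: treat unknown as unsafe).
flush_keeps_access() {
    action=$(default_rule_action) || return 1
    case "$action" in
        allow|accept|pass|permit) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples modelled on the two machines described in the thread.
SAMPLE_DENY='00010 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any'

SAMPLE_ALLOW='00010 allow ip from any to any via lo0
65535 allow ip from any to any'

# Usage on a live host (hypothetical wrapper, not executed here):
#   if ipfw list | flush_keeps_access; then
#       ipfw -q -f flush
#   else
#       echo "rule 65535 is not 'allow': flushing would cut remote access" >&2
#       exit 1
#   fi
```

When the check fails, load the replacement ruleset from the console or in a single script run detached from the SSH session, so the window in which only rule 65535 applies cannot strand the administrator.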
