From owner-freebsd-bugs  Sun Jun 30 20:30: 8 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6D23337B401
	for <freebsd-bugs@hub.freebsd.org>; Sun, 30 Jun 2002 20:30:05 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2D3CB43E09
	for <freebsd-bugs@hub.freebsd.org>; Sun, 30 Jun 2002 20:30:05 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g613U5JU010119
	for <freebsd-bugs@freefall.freebsd.org>; Sun, 30 Jun 2002 20:30:05 -0700 (PDT)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g613U4Fo010118;
	Sun, 30 Jun 2002 20:30:04 -0700 (PDT)
Date: Sun, 30 Jun 2002 20:30:04 -0700 (PDT)
Message-Id: <200207010330.g613U4Fo010118@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Brooks Davis <brooks@one-eyed-alien.net>
Subject: Re: misc/40041: firewall and network devices while booting
Reply-To: Brooks Davis <brooks@one-eyed-alien.net>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR misc/40041; it has been noted by GNATS.

From: Brooks Davis <brooks@one-eyed-alien.net>
To: "-=::(Zyx)::=-" <zyx@stv.sk>
Cc: Brooks Davis <brooks@one-eyed-alien.net>,
	freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/40041: firewall and network devices while booting
Date: Sun, 30 Jun 2002 20:24:57 -0700

 On Mon, Jul 01, 2002 at 01:23:03AM +0200, -=::(Zyx)::=- wrote:
 > I have default policy deny. But in case when interface is up and ipfw is 
 > loading system accepts all traffic..
 
 It doesn't matter what you ruleset does.  If you have
 IPFIREWALL_DEFAULT_TO_ACCEPT in you kernel you will accept packets
 before you configure your firewall.  If you don't want to do this, remove
 this option.  If you won't have this option in your kernel, and you are
 recieving packets before your rules are configured there's an issue,
 otherwise it's your problem.
 
 -- Brooks

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message