From: Karl Pielorz
To: Stefan Esser, freebsd-hackers@freebsd.org
Date: Mon, 29 Jul 2013 12:27:40 +0100
Subject: Re: kldload ipfw, with IPFIREWALL_DEFAULT_TO_ACCEPT
In-Reply-To: <51F64BCC.9000301@freebsd.org>

--On 29 July 2013 13:02 +0200 Stefan Esser wrote:

> I guess you were looking for:
>
> net.inet.ip.fw.default_to_accept="1"
>
> which is a tunable to be set in /boot/loader.conf ...

Very probably - but that's at boot time :( - Is there nothing I can do at kldload time to have the initial kldload give me an 'allow ip from any to any' rule as it loads? (thus not affecting traffic on the machine, or more importantly the CARP interfaces)?

-Karl