Date:      Mon, 18 May 2009 17:15:13 +0400
From:      Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To:        Sebastian Mellmann <sebastian.mellmann@net.t-labs.tu-berlin.de>
Cc:        freebsd-net@freebsd.org
Subject:   Re: ipfw firewall_type 'OPEN'
Message-ID:  <P0PYXMVI6cdF9pdhQebsVbVmAjI@cgr/Aoyjz11KtFDB23HMnFSn04s>
In-Reply-To: <1242648290.31782.9.camel@python.net.t-labs.tu-berlin.de>
References:  <1242648290.31782.9.camel@python.net.t-labs.tu-berlin.de>

Sebastian,

Mon, May 18, 2009 at 02:04:50PM +0200, Sebastian Mellmann wrote:
> 00010 allow ip from any to any via lo0
> 65000 allow ip from any to any
> 65535 deny ip from any to any
> 
> 
> The problem is, if I execute my own ipfw script and flush the rules via
> 'ipfw -q -f flush'
> and
> 'ipfw -q -f pipe flush'
> I'm losing my ssh connection to that machine.
> Is there any chance to remove the rule 65535 or change it to allow
> instead of deny?

Yes, insert
-----
options		IPFIREWALL_DEFAULT_TO_ACCEPT
-----
to your kernel configuration, rebuild, install and use the new kernel.
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
    {_.-``-'         {_/            #
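
Added example (not part of the original message): a shell pre-flight check that reads `ipfw list` output and shows what survives a flush, which is only the built-in rule 65535. The function names and the second sample ruleset are assumptions constructed for illustration; the first sample is the ruleset quoted in the message.

```shell
#!/bin/sh
# Constructed samples in `ipfw list` format.
# DENY_RULES is the ruleset quoted in the message (default rule: deny).
DENY_RULES='00010 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any'
# ACCEPT_RULES is a constructed listing from a kernel whose default rule is allow.
ACCEPT_RULES='00010 allow ip from any to any via lo0
65535 allow ip from any to any'

# `ipfw flush` removes every rule except the default rule 65535,
# so the post-flush ruleset is just that one line.
after_flush() {
    awk '$1 == "65535"'
}

# Print the action keyword of rule 65535, or "unknown" if it is not listed.
default_action() {
    awk '$1 == "65535" { print $2; found = 1 }
         END { if (!found) print "unknown" }'
}

# Succeed only if the rule left behind by a flush still passes traffic.
# allow, accept, pass and permit are synonyms in ipfw rule syntax.
flush_is_safe() {
    case "$(default_action)" in
        allow|accept|pass|permit) return 0 ;;
        *) return 1 ;;
    esac
}

# Report what a flush would leave behind for a listing given as $1.
preflight() {
    remaining=$(printf '%s\n' "$1" | after_flush)
    if printf '%s\n' "$1" | flush_is_safe; then
        echo "flush keeps remote sessions; remaining rule: $remaining"
    else
        echo "flush drops remote sessions; remaining rule: $remaining"
    fi
}

preflight "$DENY_RULES"
preflight "$ACCEPT_RULES"
```

On a live host the same check is `ipfw list | flush_is_safe`. With the default rule set to allow, an empty or half-loaded ruleset passes all traffic, so a ruleset script should install its own final deny rule.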


