Date: Mon, 24 Sep 2001 23:16:50 +0100
From: John Murphy <jfm@blueyonder.co.uk>
To: "Mark" <meinreinhof@mep.nist.gov>
Cc: questions@FreeBSD.ORG
Subject: Re: ipfilter with FreeBSD 4.4 question
Message-ID: <mvbvqtk7o5aeopad56r99brfu49i7oepjb@4ax.com>
In-Reply-To: <JPEELEKOHJAADFDHOEOFIENHCAAA.meinreinhof@mep.nist.gov>
References: <JPEELEKOHJAADFDHOEOFIENHCAAA.meinreinhof@mep.nist.gov>

"Mark" <meinreinhof@mep.nist.gov> wrote:
>I'm running ipfilter on my FreeBSD 4.4 box.
>
>#dmesg
>
>--snip--
>IP Filter: v3.4.20 initialized. Default = pass all, Logging = enabled
>--snip--
>
>1. Where does it look by default for ipf.rules to set up the rules?
>
>If I place the following in my /etc/rc.conf file:
>
>ipfilter_enable="YES"
>ipfilter_program="/sbin/ipf -Fa -f"
>ipfilter_rules="/usr/local/etc/ipfilter/ipf.rules"
>
>The firewall works but I get ipfilter already initialized in dmesg.
>
>2. What is telling FreeBSD to start ipf when I don't have ipfilter_enabled
>even in the rc.conf?

You need one more line in /etc/rc.conf to say:

    ipfilter_flags=""

Which will override the default setting.

From /etc/defaults/rc.conf:

    ipfilter_flags="-E"    # should be *empty* when ipf is _not_ a module
                           # (i.e. compiled into the kernel) to
                           # avoid a warning about "already initialized"

John.
