From: John Murphy
To: "Mark"
Cc: questions@FreeBSD.ORG
Subject: Re: ipfilter with FreeBSD 4.4 question
Date: Mon, 24 Sep 2001 23:16:50 +0100

"Mark" wrote:

>I'm running ipfilter on my FreeBSD 4.4 box.
>
>#dmesg
>
>--snip--
>IP Filter: v3.4.20 initialized. Default = pass all, Logging = enabled
>--snip--
>
>1. Where does it look by default for ipf.rules to set up the rules?
>
>If I place the following in my /etc/rc.conf file:
>
>ipfilter_enable="YES"
>ipfilter_program="/sbin/ipf -Fa -f"
>ipfilter_rules="/usr/local/etc/ipfilter/ipf.rules"
>
>The firewall works but I get ipfilter already initialized in dmesg.
>
>2. What is telling FreeBSD to start ipf when I don't have ipfilter_enabled
>even in the rc.conf?

You need one more line in /etc/rc.conf to say:

ipfilter_flags=""

Which will over-ride the default setting.

From /etc/defaults/rc.conf

ipfilter_flags="-E"     # should be *empty* when ipf is _not_ a module
                        # (i.e. compiled into the kernel) to
                        # avoid a warning about "already initialized"

John.