Date: Tue, 28 May 2002 15:09:41 -0600 From: Irwan Hadi <irwanhadi@phxby.com> To: Jeff Jirsa <jeff@boris.st.hmc.edu> Cc: Irwan Hadi <irwanhadi@phxby.com>, freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG Subject: Re: Server won't boot after recompile the kernel with ipfw support Message-ID: <20020528150941.A24676@phxby.com> In-Reply-To: <20020528133316.S16405-100000@boris.st.hmc.edu>; from jeff@boris.st.hmc.edu on Tue, May 28, 2002 at 02:39:03PM -0600 References: <20020528142640.A22370@phxby.com> <20020528133316.S16405-100000@boris.st.hmc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, May 28, 2002 at 02:39:03PM -0600, Jeff Jirsa wrote: > On Tue, 28 May 2002, Irwan Hadi wrote: > > > Dear All, > > > > compiled successfully. But why after I recompile the kernel for the > > second time, with > > options IPFIREWALL > > options IPFIREWALL_VERBOSE > > options IPFIREWALL_VERBOSE_LIMIT=10 according to > > http://www.freebsd.org/handbook/firewalls.html, the server can't be > > ping-ed anymore ? > > I did check the configuration using /usr/bin/config my-kernel, and it > > worked just fine, and there was no error in the make depend, and make > > stage. > > Does anyone has ever got the same problem ? May I know it A.S.A.P, > > because the server is a colocated one, and I need to give instructions > > to the person who is going to "fix" the server. > > > > Did you specify any of the firewall rules / configuration before > rebooting? The default deny rules will keep you from connecting to the > box until you set up new rules that will accept connections. You'll want > to check and modify the firewall_ lines in /etc/defaults/rc.conf . No I didn't because I'm accustomed on Linux that the default policy is open, unless it is defined otherwise. > > The ipfw man page suggests being at the console when you enable the > firewall for this precise reason. > > The way to fix this problem is to log in at the console (or have someone > else do it for you) and add the following rule: > > ipfw add 100 allow ip from any to any > > > This will open up the firewall, and allow you to connect. You'll no doubt > want to delete that rule when you add your own custom rules. man ipfw(8) > will help you when you get around to doing that. Thanks for your info. I will ask the person who near with the server to issue that command from the console then. BTW how can I keep the firewall rules to be permanent on FreeBSD ? Put it on rc.firewall, or create another script that runs everytime the server gets rebooted ? Thanks To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020528150941.A24676>