Date: Fri, 16 Mar 2007 14:55:58 -0700 From: "Kevin Oberman" <oberman@es.net> To: Pertti Kosunen <pertti.kosunen@pp.nic.fi> Cc: freebsd-stable@freebsd.org Subject: Re: rc.order wrong (ipfw) Message-ID: <20070316215558.6D33F45047@ptavv.es.net> In-Reply-To: Your message of "Fri, 16 Mar 2007 15:40:44 %2B0200." <45FA9E5C.1060404@pp.nic.fi>
next in thread | previous in thread | raw e-mail | index | archive | help
--==_Exmh_1174082158_3434P Content-Type: text/plain; charset=us-ascii Content-Disposition: inline > Date: Fri, 16 Mar 2007 15:40:44 +0200 > From: Pertti Kosunen <pertti.kosunen@pp.nic.fi> > Sender: owner-freebsd-stable@freebsd.org > > JoaoBR wrote: > > I don't agree to what you say > > what sense does it make to have my forward rules up but natd still not? > > what sense does it makes logging while syslog is not up? > > What would it forward & log when network isn't up? Hmm. Let's see. Maybe the stuff that happens between the start of the network and the start of ipfw? Remember that, by default, until ipfw starts, there is a default 65535 deny ip from any to any in the firewall, thus blocking everything until ipfw starts. You should either not build ipfw into the kernel or build with the IPFIREWALL_DEFAULT_TO_ACCEPT option if you want something to be able to pass through the network before ipfw starts. (Hint, if you run IPv6, you probably do.) -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 --==_Exmh_1174082158_3434P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) Comment: Exmh version 2.5 06/03/2002 iD8DBQFF+xJukn3rs5h7N1ERAs0kAKCDOp5k8TeRgwW5zaJY7BC/jJs9rgCggfks 5ggV+BKlr1qKcQ8uTPF3zPE= =mSAL -----END PGP SIGNATURE----- --==_Exmh_1174082158_3434P--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070316215558.6D33F45047>