Date: Tue, 6 Nov 2007 10:14:24 -0500
From: "Bob Johnson" <fbsdlists@gmail.com>
To: "Nikos Vassiliadis" <nvass@teledomenet.gr>
Cc: freebsd-questions@freebsd.org
Subject: Re: ip6fw without ipfw?
Message-ID: <54db43990711060714j44df835eq2b8719c433e7266@mail.gmail.com>
In-Reply-To: <200711061125.37689.nvass@teledomenet.gr>
References: <54db43990711051454m8d4ecaaq24cc1bbbf02bfe0d@mail.gmail.com> <200711061125.37689.nvass@teledomenet.gr>

On 11/6/07, Nikos Vassiliadis <nvass@teledomenet.gr> wrote:
> On Tuesday 06 November 2007 00:54:36 Bob Johnson wrote:
> > So is it a bug or a feature that enabling ip6fw (/etc/rc.d/ip6fw
> > start) also enables ipfw (the ipv4 version)? I didn't see it mentioned
> > in IP6FW(8).
> >
> > It sure surprised me when I was exploring IPv6 setup and I enabled
> > ip6fw without configuring the IPv4 rc.firewall. Locked me out of the
> > remote system, because ssh won't let me log in on IPv6 (I'll post that
> > question in another message), and ipfw came up and locked me out via
> > IPv4. Forced me to go out and enjoy the nice weather yesterday instead
> > of playing with IPv6 all day...
>
> Can't replicate what you said. I am running 6.2-STABLE from June.
> I loaded the ip6fw module and ipfw is not loaded. I also ran the
> ip6fw rc script. Nothing happened regarding ipfw.
>
> root:0:/cdrom# ip6fw show
> 65535 0 0 deny ipv6 from any to any
> root:0:/cdrom# ipfw show
> ipfw: getsockopt(IP_FW_GET): Protocol not available
>
> If you can replicate the problem, please report it.
>
> Nikos
>

Sorry I forgot to mention that this is on 7.0-BETA1.

I find that it only happens the first time I enable the firewall after
rebooting. I remove the firewall_enable and ipv6_firewall_enable lines
in rc.conf, reboot the system, then put the lines back in rc.conf.
Then /etc/rc.d/ip6fw start also starts ipfw. I'm pretty sure that when
this happens, ipfw doesn't load its rules from /etc/rc.firewall, so it
is running with only the default deny rule (I'll try to confirm that
some time today, but first I need to get some real work done this
morning).

After the firewall has been enabled and disabled, re-enabling ip6fw
doesn't seem to affect ipfw.

Since this is apparently a bug, I'll file a PR. I'm going to install
7.0-BETA2 later today, I'll try again on that.

- Bob