Date: Tue, 14 Sep 2010 21:57:21 -0500
From: Brandon Gooch <jamesbrandongooch@gmail.com>
To: Gareth de Vaux <bsd@lordcow.org>
Cc: ipfw@freebsd.org
Subject: Re: phantom rules
Message-ID: <AANLkTikjBA4aBXJ1JO%2B28CkNmcbC4qYkcmueTQhPnA0J@mail.gmail.com>
In-Reply-To: <20100909131733.GA21535@lordcow.org>
References: <20100909131733.GA21535@lordcow.org>

On Thu, Sep 9, 2010 at 8:17 AM, Gareth de Vaux <bsd@lordcow.org> wrote:
> Hi all, for some reason these rules get loaded on boot up before the
> ones I specify in a file:
>
> 00100   0     0 allow ip from any to any via lo0
> 00200   0     0 deny ip from any to 127.0.0.0/8
> 00300   0     0 deny ip from 127.0.0.0/8 to any
> 00400   0     0 deny ip from any to ::1
> 00500   0     0 deny ip from ::1 to any
> 00600   0     0 allow ipv6-icmp from :: to ff02::/16
> 00700   0     0 allow ipv6-icmp from fe80::/10 to fe80::/10
> 00800   0     0 allow ipv6-icmp from fe80::/10 to ff02::/16
> 00900   0     0 allow ipv6-icmp from any to any ip6 icmp6types 1
> 01000   0     0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
>
> I just flush this manually but how do I stop the behaviour properly?
>
> My rc.conf entries:
>
> firewall_enable="YES"
> firewall_type="/usr/local/etc/firewall"
> firewall_logging="YES"

I would begin by reading:

$ man 7 firewall
$ man 5 rc.conf
$ less /etc/rc.firewall

I think the source of /etc/rc.firewall may be most enlightening in
regard to the behavior in question (setup_loopback(),
setup_ipv6_mandatory(), etc...).

Have fun, and don't get discouraged (speaking from experience) :)

-Brandon
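
Related to the question above, as an added example that is not part of the original messages: a shell function that lists rules present in saved `ipfw show` output but not declared in the ruleset file, which is how rules added by /etc/rc.firewall stand out. The function names, the ruleset contents and rules 01100/01200 are constructed, and the ruleset file is assumed to number every rule explicitly (`add NNNNN ...`).

```shell
#!/bin/sh
# phantom_rules LISTING RULESET
#   LISTING: saved `ipfw show` output (rule number, packets, bytes, body)
#   RULESET: the file named by firewall_type; assumed to use "add NNNNN ..."
# Prints every loaded rule whose number the ruleset file does not declare.
phantom_rules() {
    awk '
        # First file (RULESET): remember each explicitly numbered rule.
        FILENAME == ARGV[1] {
            if ($1 == "add" && $2 ~ /^[0-9]+$/) declared[$2 + 0] = 1
            next
        }
        # Second file (LISTING): skip anything that is not a rule line.
        $1 !~ /^[0-9]+$/ { next }
        {
            n = $1 + 0
            # 65535 is the built-in default rule, not part of any ruleset file.
            if (n == 65535 || (n in declared)) next
            body = $0
            sub(/^[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+/, "", body)
            printf "%05d %s\n", n, body
        }
    ' "$2" "$1"
}

# Constructed sample data: three of the rules quoted in the thread plus two
# made-up operator rules (01100, 01200) and the default rule.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/ruleset" <<'EOF'
# constructed stand-in for /usr/local/etc/firewall
add 01100 allow tcp from any to me 22
add 01200 deny ip from any to any
EOF
    cat > "$tmp/listing" <<'EOF'
00100   0     0 allow ip from any to any via lo0
00200   0     0 deny ip from any to 127.0.0.0/8
01000   0     0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
01100  12   840 allow tcp from any to me dst-port 22
01200   3   180 deny ip from any to any
65535   0     0 deny ip from any to any
EOF
    phantom_rules "$tmp/listing" "$tmp/ruleset"
    rm -rf "$tmp"
}
demo
```

Rules are matched by number rather than by text because ipfw may print a rule differently from how it was written in the file.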