[Bug 238694] Configuring & using a customized IPFW rule set now causes additional rules to be (involuntarily) added

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Jun 19 22:05:14 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238694

rkoberman at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rkoberman at gmail.com

--- Comment #2 from rkoberman at gmail.com ---
It is not a bug as it is mandatory for IPv6 support. Without those rules, the
network startup will hang. If IPv6 is disabled, it would be best if those rules
were NOT added and that might be a bug, but, assuming the default setting of
deny_by_default, the firewall is always started before the network and
deny_by_default will block ICMPv6 resulting in the system startup never
completing.

I concede that this needs to be clearly documented, but the behavior is
mandatory. Like the localhost name, loopback configuration, and the terminal
"65535 deny ip from any to any" for deny-by-default, these are simply required
for normal network operations.

-- 
You are receiving this mail because:
You are the assignee for the bug.

