friar_josh at webwarrior.net
Wed Apr 23 11:39:33 PDT 2003
On Wed, Apr 23, 2003 at 12:29:46PM -0700, felix at rapidaxcess.com wrote:
> To whom it may concern:
> I am in the process of setting up my first firewalled machine, on the bench
> thank God.
> I have pored over the manual pages multiple times and am stuck here...
> I seem to have everything under control with rules set up to allow me in on
> boot. Now I need to change the default rule (65535) to deny instead of accept.
> I have removed the kernel config line: options IPFIREWALL_DEFAULT_TO_ACCEPT
> recompiled and rebooted 2 times, still the default is accept.
> I hate to hack by adding a rule 65000 to deny just for a workaround, if
> that would even work...
> Thanks in advance! And keep up the great work, all of my servers run FreeBSD!
> Bryan Felix
> felix at rapidaxcess.com
Well, adding that rule would work, but it would be a hack. Are you SURE you
are booting the kernel you think you are? Try renaming the kernel with the
IPFIREWALL_DEFAULT_TO_ALLOW option removed to a different name and see if
that's the kernel you're actually booting after the rebuild process. I've
seen two different 5.0 boxes in particular not boot the correct kernel after a
rebuild in the last two weeks.
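
A check for the situation discussed in this thread, as an added example that is not part of the original posts: it reads `ipfw list` output and reports the action of the compiled-in rule 65535 separately from the first catch-all rule, so a rule-65000 workaround is not mistaken for a kernel that defaults to deny. The function name and the sample listings are constructed for illustration, and the plain `ipfw list` line format (rule number, action, rule body) is assumed.

```shell
#!/bin/sh
# Added example: separate the kernel's compiled-in default (rule 65535)
# from the effective default (the first unconditional catch-all rule).
# Intended use on the firewall host:  ipfw list | ipfw_default_policy

ipfw_default_policy() {
    awk '
        { num = $1 + 0; action = $2 }
        # Catch-all: "<num> <action> ip|all from any to any", no further options.
        NF == 7 && ($3 == "ip" || $3 == "all") &&
        $4 == "from" && $5 == "any" && $6 == "to" && $7 == "any" {
            if (num == 65535) compiled = action
            if (effective == "") { effective = action; eff_num = num }
        }
        END {
            if (compiled == "") { print "error: rule 65535 not found"; exit 2 }
            printf "compiled=%s effective=%s@%d\n", compiled, effective, eff_num
        }
    '
}

# Constructed sample: kernel still defaults to accept, masked by a rule 65000.
SAMPLE_WORKAROUND='00100 allow ip from any to any via lo0
00200 allow tcp from any to me 22
65000 deny ip from any to any
65535 allow ip from any to any'

# Constructed sample: the booted kernel really defaults to deny.
SAMPLE_DENY_KERNEL='00100 allow ip from any to any via lo0
00200 allow tcp from any to me 22
65535 deny ip from any to any'

printf '%s\n' "$SAMPLE_WORKAROUND"  | ipfw_default_policy
printf '%s\n' "$SAMPLE_DENY_KERNEL" | ipfw_default_policy
```

If `compiled=allow` still appears after a rebuild, a flush of the rule set leaves the host open, whatever rule 65000 says.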