Missing mention in ipfw in the Handbook

Foo Ji-Haw jhfoo at nexlabs.com
Wed Oct 5 20:23:57 PDT 2005


For what it's worth, I'd like highlight a key point I think is missing, in the ipfw section of the Handbook. This has been discussed earlier with help from this mailing list community. I am just formalising the documentation.

The firewall that comes with the default kernel (at least on the 5.4 release) comes with forwarding disabled. As a result, if you try to do a ipfw fwd (or ipfw forward), you will get a getsockopt error.

The Handbook (at this time of writing) did not mention the inclusion of:
options IPFIREWALL_FORWARD

Recompiling the kernel with this thrown in will activate forwarding by default. I do not know if there is a sysctl parameter which can avoid the kernel recompile. If there is one, kindly contribute to the knowledge base (aka mailing list).

Hopefully this post will save the next FreeBSDer precious time.



More information about the freebsd-questions mailing list