Converting from IPFW to IPFILTER

Aaron Peterson dopplecoder at gmail.com
Mon Oct 10 08:27:24 PDT 2005


On 10/10/05, Brian E. Conklin <bconklin at masongeneral.com> wrote:
>
> So I am assuming because IPFW is built into the kernel with a "default to
> deny" option, I will need an IPFW rule allowing everything? Or, can I change
> my rc.conf to have IPFIREWALL_ENABLE="NO"?
>

IPFW can be compiled statically into the kernel, or it can be loaded as a
module.  My understanding is that when loading as a module, default
deny is your only option.  If you compile into the kernel with
"options IPFIREWALL_DEFAULT_TO_ACCEPT" then you get the obvious
results.  This is all in the handbook, by the way:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html

Aaron

