enable IPFIREWALL_DEFAULT_TO_ACCEPT for GENERIC kernel

Paul B. Mahol onemda at gmail.com
Mon Jun 15 09:16:58 UTC 2009


On 6/15/09, subbsd <subbsd at gmail.com> wrote:
> Hello
>
> On Monday 15 June 2009 12:37:08 membrana wrote:
>> subbsd wrote:
>> > Hello maillist,
>> >
>> > Is there a way to boot the GENERIC kernel with
>> > ipfw_load="YES"
>> >
>> > and
>> >
>> > 65535 allow ip from any to any
>> >
>> > rules without recompiling the kernel with options
>> > IPFIREWALL_DEFAULT_TO_ACCEPT?
>> >
>> > This is the single option that forces me to customize my own kernel with
>> > freebsd-update.
>> >
>> > Thanks!
>>
>> put ipfw_load="YES" in /boot/loader.conf - keep in mind default is deny
>>
> ...
> As I understand it, there is no way to make it permit by default when ipfw.ko
> is loading, before running rc-/user-scripts (rc/rc.firewall...)? Thanks

put "net.inet.ip.fw.default_to_accept=1" in /etc/sysctl.conf

I guess that rc.d/sysctl is run before rc.d/ipfw
-- 
Paul

