need ipfw clarification

Roberto Nunnari roberto.nunnari at supsi.ch
Thu Feb 3 12:02:40 PST 2005


Hi Duane.

I had the same problem. With 5.2.1 I had working forward rules,
and they were broken with 5.3.

After some fiddling I managed to get that working again. Just
add these to your kernel:

options         IPFIREWALL
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_FORWARD

if you don't add them to your kernel, forwarding in ipfw will
be disabled.

Ciao.


Duane Winner wrote:
> Hello,
> 
> I noticed that after enabling firewall in my kernel (5.3-release), my 
> dmesg now gives me this:
> 
> ipfw2 initialized, divert disabled, rule-based forwarding disabled, 
> default to accept, logging limited to 5 packets/entry by default
> 
> 
> On 5.2.1, I used to get this:
> 
> ipfw2 initialized, divert disabled, rule-based forwarding enabled, 
> default to accept, logging disabled
> 
> In both cases, I am adding this to my KERNEL config:
> 
> options         IPFIREWALL
> options         IPFIREWALL_DEFAULT_TO_ACCEPT
> 
> 
> It seems that the major difference between 5.2.1 and 5.3 is that now 
> rule-based forwarding is disabled.
> 
> Is this correct? And what exactly is rule-based forwarding? I'm guessing 
> that it doesn't really apply to my situation, as in these cases, I am 
> using IPFW to create a deny all inbound to my laptop when I'm on the 
> road. But I just want to make sure.
> 
> Thanks,
> DW


-- 
               Roberto Nunnari -software engineer-
                mailto:roberto.nunnari at supsi.ch
  Scuola Universitaria Professionale della Svizzera Italiana
              Dipartimento Tecnologie Innovative
                   http://www.dti.supsi.ch
  SUPSI-DTI
  Via Cantonale                        tel: +41-91-6108561
  6928 Manno                 """       fax: +41-91-6108570
  Switzerland               (o o)
=======================oOO==(_)==OOo========================
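
Added example, not part of the original message and not FreeBSD code: a small sh script that reads the ipfw2 boot banner discussed in this thread and reports the two points that matter here, whether rule-based forwarding is compiled in and whether the default policy is accept. The function names are hypothetical; the two banner strings are the dmesg lines quoted above, rejoined onto one line each.

```shell
#!/bin/sh
# Added example: interpret the ipfw2 boot banner from dmesg.
# Function names are hypothetical. B521 and B53 are the two banners
# quoted in the thread, each rejoined onto a single line.

B521='ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to accept, logging disabled'
B53='ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to accept, logging limited to 5 packets/entry by default'

# ipfw_feature BANNER FEATURE
# Print the state the banner reports for FEATURE, for instance
# "rule-based forwarding" gives "enabled". Prints nothing if absent.
ipfw_feature() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//' |
    while IFS= read -r field; do
        case $field in
            "$2 "*) printf '%s\n' "${field#"$2 "}" ;;
        esac
    done
}

# ipfw_review BANNER
# Print one line for each point a reviewer should check.
ipfw_review() {
    if [ "$(ipfw_feature "$1" 'rule-based forwarding')" = disabled ]; then
        # The reply in this thread restores it with IPFIREWALL_FORWARD.
        echo 'fwd: disabled (reply suggests options IPFIREWALL_FORWARD)'
    fi
    if [ "$(ipfw_feature "$1" 'default to')" = accept ]; then
        # With IPFIREWALL_DEFAULT_TO_ACCEPT the final rule allows traffic,
        # so a ruleset that fails to load leaves the host open.
        echo 'policy: default accept (deny rules must be loaded)'
    fi
    return 0
}

echo '5.2.1 banner:'; ipfw_review "$B521"
echo '5.3 banner:';   ipfw_review "$B53"
```

On a running system the banner to pass in is the ipfw2 line from `dmesg`.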

