rc.order wrong (ipfw)

Mark Andrews Mark_Andrews at isc.org
Sat Mar 17 12:11:03 UTC 2007 

> On Saturday 17 March 2007 03:58, Mark Andrews wrote:
> 
> > > > nothing goes to this machine because by default everything is blocked
> > > > until
> > > >
> > > > you permit it
> > >
> > > You're absolutely correct, however your original post seems to have
> > > taken many of us by surprise, causing some of us (at least me!) to
> > > assume that you've changed the default method to allow.  I'm obviously
> > > misunderstanding, so I apologise for that, but I hope you can see the
> > > reasoning behind my comments with what I knew at the time.  :)
> >
> > 	ipfw needs to be before networking or router discovery
> > 	fails for IPv6.
> >
> > 	http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/108589
> >
> 
> 
> as default any network connection will fail so long as you do not permit it
> 
> If rtsol fails or is called to early it is an rtsol problem and not an ipfw 
> problem I guess
> 
> as another example, what if you set a ifconfig_nic0="inet hostname" instead o
> f 
> IP address and this hostname is not in /etc/hosts and ipfw is still not up 
> and named is far away to start, then, according to your idea we need to start

	If you do that then the address must be in /etc/hosts.
  
> named and ipfw before netif?

	ip6fw is before networking. ipfw is supposed to be taking
	over from ip6fw.  ipfw and ip6wf should be started at a
	similar time.

	rtsol is approximately the equivalent to DHCP.  The machine is
	requesting a address from the network.  It doesn't matter if
	it is a router or a DHCP server that is suppling the address.

	DHCP only works because it bypasses the firefall.

	Mark
 
> -- 
> 
> João
> 
> 
> 
> 
> 
> 
> 
> A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura.
> Service fornecido pelo Datacenter Matik  https://datacenter.matik.com.br
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the freebsd-stable mailing list