kldload ipfw, with IPFIREWALL_DEFAULT_TO_ACCEPT

Karl Pielorz kpielorz_lst at tdx.co.uk
Mon Jul 29 12:23:36 UTC 2013


--On 29 July 2013 12:30 +0100 Simon Dick <simond at irrelevant.org> wrote:

> My normal way is to run the kldload in screen and manually run an allow
> all right afterwards
> e.g.
>
> kldload ipfw && ipfw <blah>... :)

Yeah, that would probably work - I'm more concerned what impact it would 
have on the CARP interfaces on the box - i.e. if they get 'cut off' even 
for a fractional period, they may decide they are the new master (or worse, 
other boxes may decide they need to become the new master).

If there's no way of getting a 'default allow' on kldload (other than the 
workaround kind of way) it looks like I'll just have to plan for a cut off 
of things like CARP, and design around it :(

Cheers,

-Karl




More information about the freebsd-hackers mailing list