kldload ipfw, with IPFIREWALL_DEFAULT_TO_ACCEPT
Karl Pielorz
kpielorz_lst at tdx.co.uk
Mon Jul 29 12:23:36 UTC 2013
--On 29 July 2013 12:30 +0100 Simon Dick <simond at irrelevant.org> wrote:
> My normal way is to run the kldload in screen and manually run an allow
> all right afterwards
> e.g.
>
> kldload ipfw && ipfw <blah>... :)
Yeah, that would probably work - I'm more concerned what impact it would
have on the CARP interfaces on the box - i.e. if they get 'cut off' even
for a fractional period, they may decide they are the new master (or worse,
other boxes may decide they need to become the new master).
If there's no way of getting a 'default allow' on kldload (other than the
workaround kind of way) it looks like I'll just have to plan for a cut off
of things like CARP, and design around it :(
Cheers,
-Karl
More information about the freebsd-hackers
mailing list