phantom rules
Ian Smith
smithi at nimnet.asn.au
Wed Sep 15 16:34:26 UTC 2010
On Wed, 15 Sep 2010, Gareth de Vaux wrote:
> On Wed 2010-09-15 (14:39), Ian Smith wrote:
> > Indeed, that's where these have come from (and Gareth, you DO want those
> > rules, including the ipv6_mandatory ones if running ipv6)
>
> I don't, because I run my own from my own file. (I'm not using ipv6
> either).

Ok. You do have inet6 available, which is why those rules were added.

> > but I suspect that you may have rather intended this to be:
> >
> > firewall_script="/usr/local/etc/firewall"
>
> Nope I intended it as before - firewall_type="<filename>", and my file is
> in the format you mention later, and it works, just preceded with that
> stuff I didn't ask for.
>
> The first line in /usr/local/etc/firewall for example is:
>
> add pass all from any to any via lo0
>
> so I end up with 2 of these rules, plus that other stuff.
>
> So are there some variables I can set that disable this second-guessing
> behaviour?

Using '-f flush' as your first ipfw command should do the job, just as
rc.firewall did before calling setup_loopback and setup_ipv6_mandatory.

cheers, Ian