Firewall enabling confusion.

Ion-Mihai Tetcu itetcu at
Fri Feb 27 13:09:40 PST 2004

On Fri, 27 Feb 2004 15:43:16 -0500
"Shaun T. Erickson" <ste at> wrote:

> Warren Block wrote:
> > On Fri, 27 Feb 2004, Shaun T. Erickson wrote:
> > 
> > 
> >> Thanks! Yes, the ipfw.ko module is getting loaded. So now I just
> >> need to know how to enable things like divert and logging.
> > 
> > 
> > /etc/rc.firewall has examples.
> I looked at that. That's not what I mean. :) I mean, if I do not have
> to build a new kernel to enable firewalling, logging and divert, then
> how do I enable them, such that the following line from my messages
> file would show that they have been enabled?

> Adding firewall_enable="YES" to rc.conf caused the ipfw module to be 
> loaded, enabling firewalling. Adding firewall_logging="YES" did *not* 
> enable logging in the message file line shown below. How do I do that?

sysctl -a | grep ip.fw 
for logging do:
sysctl -w net.inet.ip.fw.verbose=1
sysctl -w net.inet.ip.fw.verbose_limit=5

See also man ipfw; it will answer your questions.

> How would I get that line to show divert as being enabled? I may be 
> wrong (correct me if I am, please), but doesn't that line have to show
> them as enabled, before I can successfully make use of them in ipfw 
> commands like those you pointed me to in rc.firewall? What if I want 
> that line to report that the default is open, instead of deny?

AFAIK recompile with IPFW_DEFAULT_TO_ACCEPT, but it would be a bad thing.

> Feb 27 14:37:22 peter kernel: ipfw2 initialized, divert disabled, 
> rule-based forwarding enabled, default to deny, logging disabled
> 	-ste

Unregistered ;) FreeBSD user
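
The checks discussed in this thread, as an added shell example that is not part of the original message and is not FreeBSD project code: it reads the kernel's ipfw init line and `sysctl` output, then lists which of the reply's logging settings are not yet applied. The kernel line is the one quoted above; the sysctl sample and all function names are constructed for illustration. sysctl prints `name: value` but is set with `name=value`.

```shell
#!/bin/sh
# Kernel init line as quoted in the thread (mail wrapping undone).
KERNEL_LINE='Feb 27 14:37:22 peter kernel: ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled'
# Constructed sample of `sysctl -a | grep ip.fw` output (not from the thread).
SYSCTL_SAMPLE='net.inet.ip.fw.enable: 1
net.inet.ip.fw.verbose: 0
net.inet.ip.fw.verbose_limit: 0'

# init_state FEATURE LINE -> "enabled", "disabled" or "unknown"
init_state() {
    case "$2" in
        *"$1 enabled"*)  echo enabled ;;
        *"$1 disabled"*) echo disabled ;;
        *)               echo unknown ;;
    esac
}

# default_policy LINE -> the word after "default to" (e.g. "deny")
default_policy() {
    printf '%s\n' "$1" | sed -n 's/.*default to \([a-z]*\).*/\1/p'
}

# sysctl_value NAME TEXT -> value parsed from "name: value" output
sysctl_value() {
    printf '%s\n' "$2" | awk -F': ' -v n="$1" '$1 == n { print $2 }'
}

# pending_commands TEXT -> the reply's sysctl commands whose values
# are not yet in effect according to TEXT
pending_commands() {
    v=$(sysctl_value net.inet.ip.fw.verbose "$1")
    l=$(sysctl_value net.inet.ip.fw.verbose_limit "$1")
    [ "$v" = 1 ] || echo 'sysctl -w net.inet.ip.fw.verbose=1'
    [ "$l" = 5 ] || echo 'sysctl -w net.inet.ip.fw.verbose_limit=5'
}

# Report on the sample data; on a live system pass "$(sysctl -a | grep ip.fw)".
for f in divert 'rule-based forwarding' logging; do
    echo "at init: $f $(init_state "$f" "$KERNEL_LINE")"
done
echo "at init: default policy $(default_policy "$KERNEL_LINE")"
echo 'still to run for logging:'
pending_commands "$SYSCTL_SAMPLE"
```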
