Firewall enabling confusion.
itetcu at apropo.ro
Fri Feb 27 13:09:40 PST 2004
On Fri, 27 Feb 2004 15:43:16 -0500
"Shaun T. Erickson" <ste at ste-land.com> wrote:
> Warren Block wrote:
> > On Fri, 27 Feb 2004, Shaun T. Erickson wrote:
> >>Thanks! Yes, the ipfw.ko module is getting loaded. So now I just
> >need to>know how to enable things like divert and logging.
> > /etc/rc.firewall has examples.
> I looked at that. That's not what I mean. :) I mean, if I do not have
> to build a new kernel to enable firewalling, logging and divert, then
> how do I enable them, such that the following line from my messages
> file would show that they have been enabled?
> Adding firewall_enable="YES" to rc.conf caused the ipfw module to be
> loaded, enabling firewalling. Adding firewall_logging="YES" did *not*
> enable logging in the message file line shown below. How do I do that?
sysctl -a | grep ip.fw
for logging do:
sysctl -w net.inet.ip.fw.verbose: 1
sysctl -w net.inet.ip.fw.verbose_limit: 5
see also man ipfw, it will answer your questions.
> How would I get that line to show divert as being enabled? I may be
> wrong (correct me if I am, please), but doesn't that line have to show
> them as enabled, before I can successfully make use of them in ipfw
> commands like those you pointed me to in rc.firewall? What if I want
> that line to report that the default is open, instead of deny?
AFAIK recompile with IPFW_DEFAUL_TO_ACCEPT, but it would be a bad thing.
> Feb 27 14:37:22 peter kernel: ipfw2 initialized, divert disabled,
> rule-based forwarding enabled, default to deny, logging disabled
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
Unregistered ;) FreeBSD user
More information about the freebsd-questions