Change IPFW default to allow
carlj at peak.org
Sun Dec 9 22:22:04 UTC 2018
Ernie Luzar <luzar722 at gmail.com> writes:
> Michael Sierchio wrote:
>> sysctl net.inet.ip.fw.default_to_accept=1
>> On Sun, Dec 9, 2018 at 10:08 AM Ernie Luzar <luzar722 at gmail.com> wrote:
>>> Is there a sysctl nib to reset the ipfw default from deny all to allow
>>> all? Some thing that works without rebooting the system.
> sysctl net.inet.ip.fw.default_to_accept=1 doesn't work.
> unknown oid
> I believe that has to go in loader.conf and reboot the system to enable.
> MY problem is with ipf on host and ipfw in a vnet jail. Once kldload
> for ipfw is completed it now impacts the host by blocking all traffic
> before host ipf firewall gets the traffic. Putting pass all rules in
> vnet jail ipfw only effects the vnet jail not the host.
The ipfw manpage mentions that it can be modified by kenv, but only if
the ipfw module is reloaded. I don't know if that is acceptable to you,
but I also haven't tried it since I don't use ipfw.
Carl Johnson carlj at peak.org
More information about the freebsd-questions