Change IPFW default to allow

Carl Johnson carlj at
Sun Dec 9 22:22:04 UTC 2018

Ernie Luzar <luzar722 at> writes:

> Michael Sierchio wrote:
>> sysctl net.inet.ip.fw.default_to_accept=1
>> On Sun, Dec 9, 2018 at 10:08 AM Ernie Luzar <luzar722 at> wrote:
>>> Is there a sysctl nib to reset the ipfw default from deny all to allow
>>> all? Something that works without rebooting the system.
> sysctl net.inet.ip.fw.default_to_accept=1 doesn't work.
> unknown oid
> I believe that has to go in loader.conf and reboot the system to enable.
> My problem is with ipf on host and ipfw in a vnet jail. Once kldload
> for ipfw is completed it now impacts the host by blocking all traffic
> before host ipf firewall gets the traffic. Putting pass all rules in
> vnet jail ipfw only affects the vnet jail not the host.

The ipfw manpage mentions that it can be modified by kenv, but only if
the ipfw module is reloaded.  I don't know if that is acceptable to you,
but I also haven't tried it since I don't use ipfw.
Carl Johnson carlj at
