Change IPFW default to allow
Ernie Luzar
luzar722 at gmail.com
Sun Dec 9 23:22:44 UTC 2018
Carl Johnson wrote:
> Ernie Luzar <luzar722 at gmail.com> writes:
>
>> Michael Sierchio wrote:
>>> sysctl net.inet.ip.fw.default_to_accept=1
>>>
>>> On Sun, Dec 9, 2018 at 10:08 AM Ernie Luzar <luzar722 at gmail.com> wrote:
>>>
>>>> Is there a sysctl nib to reset the ipfw default from deny all to allow
>>>> all? Some thing that works without rebooting the system.
>>
>> sysctl net.inet.ip.fw.default_to_accept=1 doesn't work.
>> unknown oid
>>
>> I believe that has to go in loader.conf and reboot the system to enable.
>>
>> MY problem is with ipf on host and ipfw in a vnet jail. Once kldload
>> for ipfw is completed it now impacts the host by blocking all traffic
>> before host ipf firewall gets the traffic. Putting pass all rules in
>> vnet jail ipfw only effects the vnet jail not the host.
>
> The ipfw manpage mentions that it can be modified by kenv, but only if
> the ipfw module is reloaded. I don't know if that is acceptable to you,
> but I also haven't tried it since I don't use ipfw.
Yep that worked for me
kenv -u net.inet.ip.fw.default_to_accept=1
Thanks to all who replied.
More information about the freebsd-questions
mailing list