> Date: Wed, 21 Feb 2007 12:31:05 -0600 > From: "Scot Hetzel" <swhetzel_at_gmail.com> > > On 2/21/07, Kevin Oberman <oberman_at_es.net> wrote: > > > Firewall rules? > > > > Please ignore my prior message. I just tried and "ipfw list" shows the > > single default deny rule, "65535 deny ip from any to any". I have no > > idea why this is in effect at this early in the startup process...long > > before the firewall rules are loaded. Guess I will stop loading ipfw at > > boot time and let the startup file load it. > > > That is the default ipfw deny rule when ipfw is loaded, it is used to > protect the system from intrusion by unauthorized persons, until you > have your firewall rules loaded. > > You can add: > > option IPFIREWALL_DEFAULT_TO_ACCEPT > > to your kernel config file, which would open your system to the world > until your firewall rules restrict what other systems can access on > that server. Thanks, Scot. I figured that out. I was confused by the change in behavior until I remembered that I used to load ipfw.ko from the ipfw startup script and, to fix the annoying problem of the wrong version of .ko being loaded when I am running a non-default kernel, I added it to /boot/loader.conf. Now ipfw is running from the moment the system boots. I have worked around this with a modification to profile.sh to insert a rule at the beginning and delete it before exiting. Seems to work. Thanks again to both you and Eric for pointing out my brain dead condition. Any thought of making module loads default to the directory of the booted kernel (e.g. /boot/kernel.old) instead of /boot/kernel? -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman_at_es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:05 UTC