Re: Converting from IPFW to IPFILTER
From: Aaron Peterson (dopplecoder_at_gmail.com)
Date: 10/10/05
- Previous message: Lowell Gilbert: "Re: make.conf need --disable-nls or NO_LOCALE settings ?"
- In reply to: Brian E. Conklin: "RE: Converting from IPFW to IPFILTER"
- Next in thread: Aaron Peterson: "Re: Converting from IPFW to IPFILTER"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 10 Oct 2005 11:27:23 -0400 To: "Brian E. Conklin" <bconklin@masongeneral.com>
On 10/10/05, Brian E. Conklin <bconklin@masongeneral.com> wrote:
>
> So I am assuming because IPFW is built into the kernel with a "default to
> deny" option, I will need an IPFW rule allowing everything? Or, can I change
> my rc.conf to have IPFIREWALL_ENABLE="NO"?
>
IPFW can be compiled static into the kernel, or it can be loaded as a
module. My understanding is that when loading as a module, default
deny is your only option. If you compile into the kernel with
"options IPFFIREWALL_DEFAULT_TO_ACCEPT" then you get the obvious
results. This is all in the handbook by the way:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
Aaron
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
- Previous message: Lowell Gilbert: "Re: make.conf need --disable-nls or NO_LOCALE settings ?"
- In reply to: Brian E. Conklin: "RE: Converting from IPFW to IPFILTER"
- Next in thread: Aaron Peterson: "Re: Converting from IPFW to IPFILTER"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
