Gogh, Ruben van
2004-Feb-06 06:55 UTC
IPFIREWALL_DEFAULT_TO_ACCEPT becomes default to deny
Hey Guys, today I upgraded to 4.8-RELEASE-p15. As usual I set IPFIREWALL to default accept in my kernel config file. Config & make weren't complaining so, installed the kernel, reboot and there it was:>IP packet filtering initialized, divert disabled, rule-based forwardingenabled, default to deny, logging disabled Another rebuild didn't work out so... I reviewed /usr/src/UPDATING but there's no such thing as dropping IPFIREWALL_DEFAULT_TO_ACCEPT. So, is this a true bug or what? Regards, Ruben ******************************************** The information in this e-mail is personal and may contain confidential and/or priveliged material. The contents may not be disclosed or used by anyone other than the addressee. If you are not the intended recipient, any use, disclosure, copying, distribution or action taken on it is prohibited. If you have received this communication in error please notify us by e-mail and then delete the e-mail and all attachments. ********************************************
Devon H. O'Dell
2004-Feb-06 07:06 UTC
IPFIREWALL_DEFAULT_TO_ACCEPT becomes default to deny
Gogh, Ruben van wrote:> Hey Guys, > > today I upgraded to 4.8-RELEASE-p15. As usual I set IPFIREWALL to default > accept in my kernel config file. > Config & make weren't complaining so, installed the kernel, reboot and there > it was: > >>IP packet filtering initialized, divert disabled, rule-based forwarding > > enabled, default to deny, logging disabled > > Another rebuild didn't work out so... I reviewed /usr/src/UPDATING but > there's no such thing as dropping IPFIREWALL_DEFAULT_TO_ACCEPT. > > So, is this a true bug or what? > > Regards, > > RubenI'm not sure what to make of this as IPFIREWALL_DEFAULT_TO_ACCEPT works fine for me in 4.8, 4.9, 5.1 and 5.2. Are you sure you compiled with the correct kernel configuration (and installed as well)? Additionally, you might like to look into setting firewall_enable="YES" and firewall_type="open" in rc.conf Kind regards, Devon H. O'Dell
Gogh, Ruben van
2004-Feb-08 23:32 UTC
IPFIREWALL_DEFAULT_TO_ACCEPT becomes default to deny
Hey Guys, a brand new week so lets try again. I'll try to be so complete as possible so that I wont receive freebsd-handbook-questions as reply. Last friday I upgraded to 4.8-RELEASE-p15. As usual I set IPFIREWALL to default accept in my kernel config file. config & make weren't complaining so, installed the kernel, reboot and there it was:>IP packet filtering initialized, divert disabled, rule-based forwardingenabled, default to deny, logging disabled Output of ipfw show: 65535 0 0 deny ip from any to any There are no such thing as settings in rc.conf like firewall_type="closed" or what so ever. When I boot up with the older kernel it use default to accept... I triple checked the config file for the right settings. And, as I did config && make depend && make install the system wasn't complaing about a thing. Another rebuild didn't work out so... I reviewed /usr/src/UPDATING but there's no such thing as dropping IPFIREWALL_DEFAULT_TO_ACCEPT. And! I have this problem also on another 4.8-RELEASE-p15 box... So, is this a true bug or what? Regards, Ruben ******************************************** The information in this e-mail is personal and may contain confidential and/or priveliged material. The contents may not be disclosed or used by anyone other than the addressee. If you are not the intended recipient, any use, disclosure, copying, distribution or action taken on it is prohibited. If you have received this communication in error please notify us by e-mail and then delete the e-mail and all attachments. ********************************************