Re: need ipfw clarification

From: Duane Winner (dwinner-lists_at_att.net)
Date: 02/04/05

    Date: Fri, 04 Feb 2005 15:02:04 -0500
    To: Roberto Nunnari <roberto.nunnari@supsi.ch>
    
    

    Thanks Roberto,

    Just to make sure I understand though, I only need to be concerned
    with "forwarding" and "forward rules" if I'm setting up a multi-homed
    host (i.e., router), is this correct?

    If I'm just using ipfw for single-host based firewall protection, then
    forwarding doesn't apply, right?

    Thanks again,
    Duane

    Roberto Nunnari wrote:

    > Hi Duane.
    >
    > I had the same problem.. With 5.2.1 I had working forward rules
    > and they were broken with 5.3
    >
    > after some fiddling I managed to have that work again.. just
    > add them to your kernel:
    >
    > options IPFIREWALL
    > options IPFIREWALL_DEFAULT_TO_ACCEPT
    > options IPFIREWALL_VERBOSE
    > options IPFIREWALL_FORWARD
    >
    > if you don't add them to your kernel, forwarding in ipfw will
    > be disabled.
    >
    > Ciao.
    >
    >
    > Duane Winner wrote:
    >
    >> Hello,
    >>
    >> I noticed that after enabling firewall in my kernel (5.3-release), my
    >> dmesg now gives me this:
    >>
    >> ipfw2 initialized, divert disabled, rule-based forwarding disabled,
    >> default to accept, logging limited to 5 packets/entry by default
    >>
    >>
    >> On 5.2.1, I used to get this:
    >>
    >> ipfw2 initialized, divert disabled, rule-based forwarding enabled,
    >> default to accept, logging disabled
    >>
    >> In both cases, I am adding this to my KERNEL config:
    >>
    >> options IPFIREWALL
    >> options IPFIREWALL_DEFAULT_TO_ACCEPT
    >>
    >>
    >> It seems that the major difference between 5.2.1 and 5.3 is that now
    >> rule-based forwarding is disabled.
    >>
    >> Is this correct? And what exactly is rule-based forwarding? I'm
    >> guessing that it doesn't really apply to my situation, as in these
    >> cases, I am using IPFW to create a deny all inbound to my laptop when
    >> I'm on the road. But I just want to make sure.
    >>
    >> Thanks,
    >> DW
    >> _______________________________________________
    >> freebsd-security@freebsd.org mailing list
    >> http://lists.freebsd.org/mailman/listinfo/freebsd-security
    >> To unsubscribe, send any mail to
    >> "freebsd-security-unsubscribe@freebsd.org"
    >
    >
    >

