Date: Sun, 4 Apr 2010 07:45:24 -0300 From: "Ass.Tec. Matik" <asstec@matik.com.br> To: freebsd-ipfw@freebsd.org Subject: workaround for ipfw problem freebsd 8-S after mar-21 Message-ID: <cd98bb9c9d9f520228754b678f2b316f.squirrel@wm.matik.com.br> In-Reply-To: <20100401125929.GA66321@onelab2.iet.unipi.it> References: <4BB24C86.3030709@hardonline.com.br> <20100331020943.GA47928@onelab2.iet.unipi.it> <20100331164302.GA55699@korolev-net.ru> <20100331170221.GB55010@onelab2.iet.unipi.it> <cd82fc45e95950cb83326ef7c1f28323.squirrel@wm.matik.com.br> <20100401002014.GA57424@onelab2.iet.unipi.it> <ca289b41257e17cf3f3ee6a3638e1586.squirrel@wm.matik.com.br> <20100401125929.GA66321@onelab2.iet.unipi.it>
next in thread | previous in thread | raw e-mail | index | archive | help
since this actually also is invalid ipfw add 65535 deny proto ip ipfw: getsockopt(IP_FW_ADD): Invalid argument you need to ipfw add 65534 deny proto ip 65534 deny ip from any to any this is a temp workaround if you have problems with ipfw which actually inserts this two bad rules at the end, independent on what your rules do: 00100 12 728 allow ip from any to any via lo0 00000 0 0 ip from any to any edit your firewall script and add directly after the flush command, depending on your default, if your default setup is to deny: ipfw add 65534 deny proto ip else ipfw add 65534 pass proto ip but before _any_ of your rules if you do not need this rule you can add at the end of your rules: ipfw delete 65534 depending on your ruleset you might get rid of the "ouch" wining (irrelevant) but important is that your firewall comes up and will work fine as before Joćo Martins Eng.Resp.Helpdesk e Suporte Matik https://suporte.matik.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cd98bb9c9d9f520228754b678f2b316f.squirrel>