Date: Sat, 17 Mar 2007 23:10:13 +1100 From: Mark Andrews <Mark_Andrews@isc.org> To: JoaoBR <joao@matik.com.br> Cc: freebsd-stable@freebsd.org Subject: Re: rc.order wrong (ipfw) Message-ID: <200703171210.l2HCAD63046801@drugs.dv.isc.org> In-Reply-To: Your message of "Sat, 17 Mar 2007 07:57:18 -0300." <200703170757.18939.joao@matik.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Saturday 17 March 2007 03:58, Mark Andrews wrote: > > > > > nothing goes to this machine because by default everything is blocked > > > > until > > > > > > > > you permit it > > > > > > You're absolutely correct, however your original post seems to have > > > taken many of us by surprise, causing some of us (at least me!) to > > > assume that you've changed the default method to allow. I'm obviously > > > misunderstanding, so I apologise for that, but I hope you can see the > > > reasoning behind my comments with what I knew at the time. :) > > > > ipfw needs to be before networking or router discovery > > fails for IPv6. > > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/108589 > > > > > as default any network connection will fail so long as you do not permit it > > If rtsol fails or is called to early it is an rtsol problem and not an ipfw > problem I guess > > as another example, what if you set a ifconfig_nic0="inet hostname" instead o > f > IP address and this hostname is not in /etc/hosts and ipfw is still not up > and named is far away to start, then, according to your idea we need to start If you do that then the address must be in /etc/hosts. > named and ipfw before netif? ip6fw is before networking. ipfw is supposed to be taking over from ip6fw. ipfw and ip6wf should be started at a similar time. rtsol is approximately the equivalent to DHCP. The machine is requesting a address from the network. It doesn't matter if it is a router or a DHCP server that is suppling the address. DHCP only works because it bypasses the firefall. Mark > -- > > Joćo > > > > > > > > A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. > Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200703171210.l2HCAD63046801>