Date:      Fri, 04 Feb 2005 15:02:04 -0500
From:      Duane Winner <dwinner-lists@att.net>
To:        Roberto Nunnari <roberto.nunnari@supsi.ch>
Cc:        freebsd-security@freebsd.org
Subject:   Re: need ipfw clarification
Message-ID:  <4203D4BC.30409@att.net>
In-Reply-To: <4202834D.7030000@supsi.ch>
References:  <42028032.2020701@att.net> <4202834D.7030000@supsi.ch>

Thanks Roberto,

Just to make sure I understand though, I only need to be concerned 
with "forwarding" and "forward rules" if I'm setting up a multi-homed host 
(i.e., router), is this correct?

If I'm just using ipfw for single-host based firewall protection, then 
forwarding doesn't apply, right?

Thanks again,
Duane



Roberto Nunnari wrote:

> Hi Duane.
>
> I had the same problem.. With 5.2.1 I had working forward rules
> and they were broken with 5.3
>
> After some fiddling I managed to have that work again.. just
> add them to your kernel:
>
> options         IPFIREWALL
> options         IPFIREWALL_DEFAULT_TO_ACCEPT
> options         IPFIREWALL_VERBOSE
> options         IPFIREWALL_FORWARD
>
> if you don't add them to your kernel, forwarding in ipfw will
> be disabled.
>
> Ciao.
>
>
> Duane Winner wrote:
>
>> Hello,
>>
>> I noticed that after enabling firewall in my kernel (5.3-release), my 
>> dmesg now gives me this:
>>
>> ipfw2 initialized, divert disabled, rule-based forwarding disabled, 
>> default to accept, logging limited to 5 packets/entry by default
>>
>>
>> On 5.2.1, I used to get this:
>>
>> ipfw2 initialized, divert disabled, rule-based forwarding enabled, 
>> default to accept, logging disabled
>>
>> In both cases, I am adding this to my KERNEL config:
>>
>> options         IPFIREWALL
>> options         IPFIREWALL_DEFAULT_TO_ACCEPT
>>
>>
>> It seems that the major difference between 5.2.1 and 5.3 is that now 
>> rule-based forwarding is disabled.
>>
>> Is this correct? And what exactly is rule-based forwarding? I'm 
>> guessing that it doesn't really apply to my situation, as in these 
>> cases, I am using IPFW to create a deny all inbound to my laptop when 
>> I'm on the road. But I just want to make sure.
>>
>> Thanks,
>> DW
>
>
>
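
The two boot banners quoted above differ in the "rule-based forwarding" field, which concerns ipfw's `fwd` rule action. The script below is an added example, not part of the thread or of FreeBSD: it cross-checks a banner against a ruleset and reports a `fwd` rule on a kernel with forwarding disabled, or a default-to-accept kernel with no catch-all deny. The function names and both rulesets are constructed for illustration, and the banner format is assumed to match the lines in the thread.

```shell
#!/bin/sh
# Added example: cross-check the ipfw2 boot banner against a ruleset.
# Banner text is copied from the thread; the rulesets and function
# names are constructed for illustration.

# Print the state that follows KEYWORD ($2) in the comma-separated banner ($1).
banner_field() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^ *$2 //p" | head -n 1
}

# Print one finding per line; print nothing when banner and rules agree.
audit_ipfw() {
    banner=$1
    rules=$2
    fwd=$(banner_field "$banner" "rule-based forwarding")
    default=$(banner_field "$banner" "default to")
    # fwd rules need rule-based forwarding (IPFIREWALL_FORWARD in the thread).
    if [ "$fwd" = "disabled" ] &&
       printf '%s\n' "$rules" | grep -Eq '^[0-9]+ (fwd|forward) '; then
        echo "fwd rule present but rule-based forwarding is disabled"
    fi
    # With default to accept, whatever the ruleset does not deny is passed.
    if [ "$default" = "accept" ] &&
       ! printf '%s\n' "$rules" | grep -Eq '^[0-9]+ deny (log )?ip from any to any'; then
        echo "default to accept and no catch-all deny rule"
    fi
}

# 5.3 banner from the thread, joined onto one line.
BANNER_53='ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to accept, logging limited to 5 packets/entry by default'
# Constructed rulesets in "ipfw list" style.
RULES_LAPTOP='00100 allow ip from any to any via lo0
00200 check-state
00300 allow ip from me to any keep-state
65000 deny ip from any to any
65535 allow ip from any to any'
RULES_PROXY='00100 fwd 127.0.0.1,3128 tcp from any to any dst-port 80
65535 allow ip from any to any'

audit_ipfw "$BANNER_53" "$RULES_LAPTOP"   # single-host ruleset: no findings
audit_ipfw "$BANNER_53" "$RULES_PROXY"    # fwd ruleset: two findings
```

On a live host the two arguments would come from `dmesg | grep 'ipfw2 initialized'` and `ipfw list`; banner wording on other releases may differ from the thread's.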


