From owner-freebsd-stable Tue May 28 14:10:36 2002
Date: Tue, 28 May 2002 15:09:41 -0600
From: Irwan Hadi
To: Jeff Jirsa
Cc: Irwan Hadi, freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: Server won't boot after recompile the kernel with ipfw support
Message-ID: <20020528150941.A24676@phxby.com>
References: <20020528142640.A22370@phxby.com> <20020528133316.S16405-100000@boris.st.hmc.edu>
In-Reply-To: <20020528133316.S16405-100000@boris.st.hmc.edu>; from jeff@boris.st.hmc.edu on Tue, May 28, 2002 at 02:39:03PM -0600

On Tue, May 28, 2002 at 02:39:03PM -0600, Jeff Jirsa wrote:
> On Tue, 28 May 2002, Irwan Hadi wrote:
>
> > Dear All,
> >
> > compiled successfully. But why after I recompile the kernel for the
> > second time, with
> > options IPFIREWALL
> > options IPFIREWALL_VERBOSE
> > options IPFIREWALL_VERBOSE_LIMIT=10
> > according to
> > http://www.freebsd.org/handbook/firewalls.html, the server can't be
> > pinged anymore?
> > I did check the configuration using /usr/bin/config my-kernel, and it
> > worked just fine, and there was no error in the make depend, and make
> > stage.
> > Has anyone ever had the same problem? May I know it A.S.A.P,
> > because the server is a colocated one, and I need to give instructions
> > to the person who is going to "fix" the server.
> >
>
> Did you specify any of the firewall rules / configuration before
> rebooting? The default deny rules will keep you from connecting to the
> box until you set up new rules that will accept connections. You'll want
> to check and modify the firewall_ lines in /etc/defaults/rc.conf .

No, I didn't, because I'm accustomed on Linux to the default policy being
open unless it is defined otherwise.

>
> The ipfw man page suggests being at the console when you enable the
> firewall for this precise reason.
>
> The way to fix this problem is to log in at the console (or have someone
> else do it for you) and add the following rule:
>
> ipfw add 100 allow ip from any to any
>
>
> This will open up the firewall, and allow you to connect. You'll no doubt
> want to delete that rule when you add your own custom rules. man ipfw(8)
> will help you when you get around to doing that.

Thanks for your info. I will ask the person who is near the server to issue
that command from the console then.
BTW, how can I make the firewall rules permanent on FreeBSD? Put them in
rc.firewall, or create another script that runs every time the server gets
rebooted?

Thanks
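
The lockout discussed in this thread can be checked for before rebooting. The script below is an added example, not part of the original mail or of FreeBSD; the function names and messages are assumptions made here, while `IPFIREWALL_DEFAULT_TO_ACCEPT`, `firewall_enable` and `firewall_type` are the stock kernel option and rc.conf variables. It flags a kernel built with ipfw's default-deny rule when rc.conf would load no rules that admit traffic.

```sh
#!/bin/sh
# Added example: pre-reboot check for the lockout described in this thread.
# Assumption: function names, arguments and messages are invented here.

# Last value assigned to VAR ($1) in an rc.conf-style FILE ($2),
# with trailing comments and quotes stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g"
}

# ipfw_lockout_check KERNCONF RCCONF
# Returns 0 if the host should stay reachable after reboot, 1 if not.
ipfw_lockout_check() {
    kernconf=$1
    rcconf=$2
    # No "options IPFIREWALL" line: the firewall is not compiled in.
    if ! grep -Eq '^[[:space:]]*options[[:space:]]+IPFIREWALL([[:space:]]|#|$)' "$kernconf"; then
        echo "ok: ipfw is not compiled into this kernel"; return 0
    fi
    # With this option the final rule (65535) is allow instead of deny.
    if grep -Eq '^[[:space:]]*options[[:space:]]+IPFIREWALL_DEFAULT_TO_ACCEPT' "$kernconf"; then
        echo "ok: default rule 65535 is allow"; return 0
    fi
    enable=$(rc_value firewall_enable "$rcconf")
    fwtype=$(rc_value firewall_type "$rcconf")
    case $enable in
        [Yy][Ee][Ss]) ;;
        *) echo "RISK: default deny and firewall_enable is not YES"; return 1 ;;
    esac
    case $fwtype in
        ''|[Uu][Nn][Kk][Nn][Oo][Ww][Nn]|[Cc][Ll][Oo][Ss][Ee][Dd])
            echo "RISK: firewall_type='$fwtype' admits no remote traffic"; return 1 ;;
    esac
    # The contents of a custom ruleset file are not inspected here.
    echo "ok: rc.firewall will load firewall_type='$fwtype'"; return 0
}

# Usage: sh check.sh /usr/src/sys/i386/conf/MYKERNEL /etc/rc.conf
if [ $# -eq 2 ]; then
    ipfw_lockout_check "$1" "$2"
fi
```

Setting `firewall_enable="YES"` and a `firewall_type` in /etc/rc.conf is also what makes rules persist across reboots, since rc.firewall then loads them at boot.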