Date:      Sun, 30 Jun 1996 14:05:39 -0500 (CDT)
From:      Alex Nash <alex@zen.nash.org>
To:        rhh@ct.picker.com
Cc:        stable@freebsd.org
Subject:   RE: 960627-SNAP - Problem with IPFirewall/portmap
Message-ID:  <199606301905.OAA03003@zen.nash.org>

>      Just installed the 2.1-960627-SNAP, and ran into a system hang-up with
> it.  I spent some time narrowing this down, it appears that the presence of
> the IPFIREWALL option causes portmap to refuse connections.  rpcinfo -p
> just prints an error, and amd can't register with portmap.  This leaves the
> kernel in a somewhat strange state on amd's exit, and causes hang-ups when
> accessing automount directories.
> [...]
>      I actually haven't ever used IPFIREWALL -- I just pulled over my
> 2.1-RELEASE config file and tailored it based on the latest LINT.  It's one
> of those things I put in to play with later, and adding it didn't cause any
> problems with 2.1-RELEASE.  For now, I'll just remove it but I'm curious as
> to whether this is a bug or something I don't have set up correctly.

The default policy of the firewall is to deny packets.  This has
changed since 2.1R, in which the default policy was allow.  Try typing
'ipfw l'; I suspect you will see only one rule:

    65535 deny all from any to any

For information on configuring the firewall, see ipfw(8) and the
handbook (preferably the one on www.freebsd.org since the one in
the SNAP has some errors).

    http://www.freebsd.org/handbook/handbook66.html

Alex
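
An added example, not part of the original message: a small model of first-match rule evaluation over listings in the format shown above, showing why a kernel with only rule 65535 drops a local portmap query and how one earlier rule changes the verdict. The 1000 rule, the sample packets, and the assumption that `rpcinfo -p` reaches portmap over 127.0.0.1 are constructed for illustration; only the `NUM action proto from SRC to DST` line shape is modelled, not the full ipfw grammar.

```python
import ipaddress

# Listing exactly as quoted in the message: the only rule on a fresh kernel.
DEFAULT_ONLY = "65535 deny all from any to any"

# Constructed listing: a hypothetical loopback rule ahead of the default rule.
WITH_LOOPBACK = """
1000 allow all from 127.0.0.1 to 127.0.0.1
65535 deny all from any to any
"""

def parse_rule(line):
    """Parse one 'NUM ACTION PROTO from SRC to DST' line into a tuple."""
    num, action, proto, kw_from, src, kw_to, dst = line.split()
    if (kw_from, kw_to) != ("from", "to"):
        raise ValueError(f"unsupported rule: {line!r}")
    return int(num), action, proto, src, dst

def addr_matches(spec, addr):
    """'any' matches everything; otherwise spec is an address or CIDR block."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def verdict(listing, proto, src, dst):
    """Return (rule_number, action) of the lowest-numbered matching rule."""
    rules = sorted(parse_rule(l) for l in listing.strip().splitlines())
    for num, action, r_proto, r_src, r_dst in rules:
        if (r_proto in ("all", proto)
                and addr_matches(r_src, src)
                and addr_matches(r_dst, dst)):
            return num, action
    raise LookupError("no rule matched this packet")

if __name__ == "__main__":
    # Constructed packet: a local TCP query to portmap over loopback (assumed).
    local_query = ("tcp", "127.0.0.1", "127.0.0.1")
    print("default only :", verdict(DEFAULT_ONLY, *local_query))
    print("with loopback:", verdict(WITH_LOOPBACK, *local_query))
    # Traffic from another host still falls through to the default deny.
    print("remote source:", verdict(WITH_LOOPBACK, "udp", "192.0.2.10", "127.0.0.1"))
```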


