From owner-freebsd-current Thu Jan 6 11: 8: 0 2000
Delivered-To: freebsd-current@freebsd.org
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38])
	by hub.freebsd.org (Postfix) with ESMTP id A8AB41560A
	for ; Thu, 6 Jan 2000 11:07:57 -0800 (PST)
	(envelope-from ambrisko@whistle.com)
Received: from whistle.com (crab.whistle.com [207.76.205.112])
	by alpo.whistle.com (8.9.1a/8.9.1) with ESMTP id LAA70479;
	Thu, 6 Jan 2000 11:07:56 -0800 (PST)
Received: (from ambrisko@localhost)
	by whistle.com (8.9.1/8.9.1) id LAA38192;
	Thu, 6 Jan 2000 11:07:14 -0800 (PST)
	(envelope-from ambrisko)
From: Doug Ambrisko
Message-Id: <200001061907.LAA38192@whistle.com>
Subject: Re: BOOTP and IPFIREWALL
In-Reply-To: <14452.40864.973241.492117@trooper.velocet.net> from David Gilbert at "Jan 6, 2000 08:58:56 am"
To: David Gilbert
Date: Thu, 6 Jan 2000 11:07:14 -0800 (PST)
Cc: freebsd-current@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

David Gilbert writes:
| options BOOTP and options IPFIREWALL appear to be incompatible in
| -CURRENT. I haven't tried -STABLE. While the kernel compiles fine,
| the BOOTP code fails to send the discover packet and panic()'s.
|
| While it might not be immediately obvious that you'd want IPFIREWALL
| in a BOOTP-loaded machine, there are good reasons for it...

They are not really incompatible, just your use is :-) Add
	options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
to your kernel. IPFW stuff is blocking any network traffic.

So add this to your kernel and your firewall will default to open so BOOT
etc will work (including nfs mounting of root & swap), then during the boot
use the rc.firewall stuff to set up the firewall correctly and then remove the
default open rule.

This is what I've done when playing with natd on a netbooted machine.
(natd requires ipfw & divert).
If this fails it's news to me.

Doug A.
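
The boot-time lockdown described in this message, sketched as an added example that is not part of the original mail or of FreeBSD's rc.firewall. It assumes a kernel built with `options IPFIREWALL_DEFAULT_TO_ACCEPT`; the server address `192.0.2.10`, the rule numbers and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: tighten ipfw on a netbooted host whose kernel defaults to
# accept. The rules that keep the NFS root and swap reachable are numbered
# ahead of the catch-all deny, so filtering never cuts the machine off from
# its own root filesystem.

# Assumed BOOTP/NFS server (constructed documentation address).
BOOT_SERVER="${BOOT_SERVER:-192.0.2.10}"

# Print the rule set, one ipfw command line per output line.
netboot_rules() {
    server="$1"
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 allow ip from any to ${server}
add 210 allow ip from ${server} to any
add 65000 deny ip from any to any
EOF
    # Site rules (natd divert, permitted services) would be numbered
    # between 210 and 65000. The deny at 65000 is evaluated before the
    # kernel's compiled-in rule 65535, which stays "allow" with
    # IPFIREWALL_DEFAULT_TO_ACCEPT.
}

# Load the rules in order; stop at the first failure so that a partially
# loaded set is noticed instead of silently left in place.
apply_rules() {
    netboot_rules "$1" | while read -r rule; do
        # Word splitting of $rule is intended: each word is one ipfw argument.
        ipfw -q $rule || exit 1
    done
}

# Default is a dry run that only prints the rules; "apply" loads them.
case "${1:-}" in
    apply) apply_rules "$BOOT_SERVER" ;;
    *)     netboot_rules "$BOOT_SERVER" ;;
esac
```

Run it without arguments to review the generated rules, then with `apply` as root from the boot scripts once the NFS root is mounted.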