Date: Thu, 4 Mar 2004 21:24:40 -0500 From: "David Edwards" <david@deassociates.com> To: <freebsd-security@freebsd.org> Subject: ipfw question Message-ID: <001801c40259$04be1ed0$6400a8c0@winxp1700> References: <20040304074442.GA571@kolic.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello folks.. I have a quick question ipfw in a 4.8 server.. In /etc/rc.conf, if you set this - firewall_type="OPEN", is it also necessary for this options IPFIREWALL_DEFAULT_TO_ACCEPT in the kernel config file? I would think that using the first would be better because it can be removed, thus allowing no one access, including yourself if you aren't careful. Whereas the second method above, in the kernel config leaves it open if no rules exist or if all rules are flushed. So the the big question is, do I use both, one or the other? I know I can just do options IPFIREWALL, but I want to ensure no way of locking myself out at initial reboot, since this is a remote server. I am also aware of the risks of doing it remotely. But I need to do this. Thanks for your help. David Edwards --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.576 / Virus Database: 365 - Release Date: 1/30/2004
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001801c40259$04be1ed0$6400a8c0>