Date: Fri, 29 Mar 2002 18:18:46 +0000
From: Scott Mitchell
To: Martyn Hill
Cc: G D McKee, FreeBSD-questions
Subject: Re: Cable-modem, dynamic IP, NAT and IPFW
X-Operating-System: FreeBSD 4.5-STABLE i386

On Thu, Mar 28, 2002 at 04:06:50PM -0000, Martyn Hill wrote:
> Gordon
>
> Thanks. The issue of daft firewall rules may be pertinent - however, I have
> (temporarily) switched off the firewall in /etc/rc.conf with
>
> firewall_enable="NO"
>
> Is this sufficient to ensure that I'm testing the system without
> interference from a potentially dodgy set of rules?
>
> Martyn Hill.

Possibly not (see the lengthy discussion on -stable about this a couple of
months back...) You might be better off with:

firewall_enable="YES"
firewall_type="open"

That enables the firewall but configures it to just pass everything.
firewall_enable="NO" doesn't necessarily do what you expect when the
firewall is compiled into the kernel rather than loaded from a module --
the firewall will still be there but defaults to blocking all packets.

HTH,

Scott

--
===========================================================================
Scott Mitchell          | PGP Key ID | "Eagles may soar, but weasels
Cambridge, England      | 0x54B171B9 |  don't get sucked into jet engines"
scott.mitchell@mail.com | 0xAA775B8B |      -- Anon
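
To tell which of the two situations described in the message a host is in, the following added example (not part of the original thread) inspects an rc.conf-style file together with saved `ipfw list` output. The function names and both sample inputs are constructed for illustration; the listing is assumed to have the form `NUMBER ACTION ...`, with the kernel's own final rule numbered 65535.

```shell
#!/bin/sh
# Added example: classify the effective ipfw posture from an rc.conf-style
# file ($1) and saved `ipfw list` output ($2). Function names are hypothetical.

# Value of an rc.conf variable (last assignment wins), else the given default.
rc_value() {  # rc_value FILE NAME DEFAULT
    v=$(awk -F= -v n="$2" '$1 == n { sub(/#.*/, "", $2)
        gsub(/[" \t]/, "", $2); v = $2 } END { print v }' "$1")
    echo "${v:-$3}"
}

# Action of the final rule 65535, which the kernel installs itself.
default_action() { awk '$1 == "65535" { print $2 }' "$1"; }

# Number of rules below 65535, i.e. rules that a script actually loaded.
loaded_rules() {
    awk '$1 ~ /^[0-9]+$/ && $1 + 0 < 65535 { n++ } END { print n + 0 }' "$1"
}

diagnose() {  # diagnose RC_CONF IPFW_LIST
    enable=$(rc_value "$1" firewall_enable NO)
    action=$(default_action "$2")
    count=$(loaded_rules "$2")
    if [ -z "$action" ]; then
        echo "unknown: no rule 65535 in listing"
    elif [ "$count" -eq 0 ] && [ "$action" = deny ]; then
        echo "blocked: firewall_enable=$enable, only the default deny rule exists"
    elif [ "$count" -eq 0 ]; then
        echo "open: firewall_enable=$enable, only a default allow rule exists"
    else
        echo "ruleset: firewall_enable=$enable, $count rules ahead of default $action"
    fi
}

# Constructed sample inputs for the two configurations in the message.
tmp=$(mktemp -d)
printf 'firewall_enable="NO"\n' > "$tmp/rc.no"
printf '65535 deny ip from any to any\n' > "$tmp/list.no"
printf 'firewall_enable="YES"\nfirewall_type="open"\n' > "$tmp/rc.open"
printf '%s\n' '00100 allow ip from any to any via lo0' \
    '65000 allow ip from any to any' \
    '65535 deny ip from any to any' > "$tmp/list.open"
diagnose "$tmp/rc.no" "$tmp/list.no"
diagnose "$tmp/rc.open" "$tmp/list.open"
```

On a live host the second argument would be a file holding the output of `ipfw list`; a "blocked" result with `firewall_enable=NO` is the case the reply warns about.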