Date: Sat, 17 Jan 2004 23:06:25 +0100 (CET) From: Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl> To: FreeBSD-gnats-submit@FreeBSD.org Subject: misc/61501: [PATCH] rc.d/ip6fw does not enable firewall Message-ID: <200401172206.i0HM6Ppx072803@stud187236.mobiel.utwente.nl> Resent-Message-ID: <200401172210.i0HMAJSJ040961@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 61501
>Category: misc
>Synopsis: [PATCH] rc.d/ip6fw does not enable firewall
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 17 14:10:18 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Roderick van Domburg
>Release: FreeBSD 5.2-CURRENT sparc64
>Organization:
University of Twente
>Environment:
System: FreeBSD stud187236.mobiel.utwente.nl 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Sun Jan 11 14:03:52 CET 2004 roderick@magog.student.utwente.nl:/usr/obj/usr/src/sys/MAGOG sparc64
>Description:
The "ip6fw" RC script flushes and loads the firewall rules correctly, but
never actually enables the firewall filtering itself.
>How-To-Repeat:
1. Enable IPv6 firewall services in /etc/rc.conf
2. Properly configure /etc/rc.firewall6
3. Start the IPv6 firewall service by executing `/etc/rc.d/ip6fw start`
4. Try to access a service running on a filtered port
>Fix:
--- /etc/rc.d/ip6fw.old Sat Jan 17 22:59:49 2004
+++ /etc/rc.d/ip6fw Sat Jan 17 23:00:02 2004
@@ -52,6 +52,10 @@
echo 'IPv6 Firewall logging=YES'
sysctl net.inet6.ip6.fw.verbose=1 >/dev/null
fi
+
+ # Enable the firewall
+ #
+ ${SYSCTL_W} net.inet6.ip6.fw.enable=1
}
load_rc_config $name
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200401172206.i0HM6Ppx072803>