Date: Sat, 17 Jan 2004 23:06:25 +0100 (CET) From: Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl> To: FreeBSD-gnats-submit@FreeBSD.org Subject: misc/61501: [PATCH] rc.d/ip6fw does not enable firewall Message-ID: <200401172206.i0HM6Ppx072803@stud187236.mobiel.utwente.nl> Resent-Message-ID: <200401172210.i0HMAJSJ040961@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 61501 >Category: misc >Synopsis: [PATCH] rc.d/ip6fw does not enable firewall >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Jan 17 14:10:18 PST 2004 >Closed-Date: >Last-Modified: >Originator: Roderick van Domburg >Release: FreeBSD 5.2-CURRENT sparc64 >Organization: University of Twente >Environment: System: FreeBSD stud187236.mobiel.utwente.nl 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Sun Jan 11 14:03:52 CET 2004 roderick@magog.student.utwente.nl:/usr/obj/usr/src/sys/MAGOG sparc64 >Description: The "ip6fw" RC script flushes and loads the firewall rules correctly, but never actually enables the firewall filtering itself. >How-To-Repeat: 1. Enable IPv6 firewall services in /etc/rc.conf 2. Properly configure /etc/rc.firewall6 3. Start the IPv6 firewall service by executing `/etc/rc.d/ip6fw start` 4. Try to access a service running on a filtered port >Fix: --- /etc/rc.d/ip6fw.old Sat Jan 17 22:59:49 2004 +++ /etc/rc.d/ip6fw Sat Jan 17 23:00:02 2004 @@ -52,6 +52,10 @@ echo 'IPv6 Firewall logging=YES' sysctl net.inet6.ip6.fw.verbose=1 >/dev/null fi + + # Enable the firewall + # + ${SYSCTL_W} net.inet6.ip6.fw.enable=1 } load_rc_config $name >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200401172206.i0HM6Ppx072803>