Date:      Thu, 16 Sep 2010 02:34:24 +1000 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Gareth de Vaux <bsd@lordcow.org>
Cc:        Brandon Gooch <jamesbrandongooch@gmail.com>, ipfw@freebsd.org
Subject:   Re: phantom rules
Message-ID:  <20100916013417.X73353@sola.nimnet.asn.au>
In-Reply-To: <20100915153023.GA84975@lordcow.org>
References:  <20100909131733.GA21535@lordcow.org> <AANLkTikjBA4aBXJ1JO%2B28CkNmcbC4qYkcmueTQhPnA0J@mail.gmail.com> <20100915134357.A73353@sola.nimnet.asn.au> <20100915153023.GA84975@lordcow.org>

On Wed, 15 Sep 2010, Gareth de Vaux wrote:
 > On Wed 2010-09-15 (14:39), Ian Smith wrote:
 > > Indeed, that's where these have come from (and Gareth, you DO want those
 > > rules, including the ipv6_mandatory ones if running ipv6)
 > 
 > I don't, because I run my own from my own file. (I'm not using ipv6
 > either).

Ok.  You do have inet6 available, which is why those rules were added.

 > > but I suspect that you may have rather intended this to be:
 > > 
 > > firewall_script="/usr/local/etc/firewall"
 > 
 > Nope I intended it as before - firewall_type="<filename>", and my file is
 > in the format you mention later, and it works, just preceded with that
 > stuff I didn't ask for.
 > 
 > The first line in /usr/local/etc/firewall for example is:
 > 
 > add pass all from any to any via lo0
 > 
 > so I end up with 2 of these rules, plus that other stuff.
 > 
 > So are there some variables I can set that disable this second-guessing
 > behaviour?

Using '-f flush' as your first ipfw command should do the job, just as 
rc.firewall did before calling setup_loopback and setup_ipv6_mandatory.

cheers, Ian


