Matthew Dillon wrote:
> :
> :On Sat, Dec 14, 2002 at 12:38:13PM -0800, Matthew Dillon wrote:
> :>     then, as usual, IPFW with the new kernel and
> :>     old world fails utterly and now the fragging machine can't access the
> :
> :Hear hear!!  I am >< tempted to have /sbin/ipfw moved to src/sys.
>     How about something like this (patch enclosed).  If there are no
>     objections I will commit it along with a documentation update, and
>     maybe also add some RC code give the sysad a chance to ipfw unbreak if
>     ipfw otherwise fails during the boot sequence.

I have a patch here which makes the IPFIREWALL_DEFAULT_TO_ACCEPT tunable
at module load time using a kernel environment variable.  Looks to me
that it would do what you want.


