On Thu, Sep 9, 2010 at 8:17 AM, Gareth de Vaux <[email protected]> wrote:
> Hi all, for some reason these rules get loaded on boot up before the
> ones I specify in a file:
>
> 00100 0 0 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 00400 0 0 deny ip from any to ::1
> 00500 0 0 deny ip from ::1 to any
> 00600 0 0 allow ipv6-icmp from :: to ff02::/16
> 00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
> 00800 0 0 allow ipv6-icmp from fe80::/10 to ff02::/16
> 00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
> 01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
>
> I just flush this manually but how do I stop the behaviour properly?
>
> My rc.conf entries:
>
> firewall_enable="YES"
> firewall_type="/usr/local/etc/firewall"
> firewall_logging="YES"

I would begin by reading:

$ man 7 firewall
$ man 5 rc.conf
$ less /etc/rc.firewall

I think the source of /etc/rc.firewall may be most enlightening in
regard to the behavior in question (setup_loopback(),
setup_ipv6_mandatory(), etc...).

Have fun, and don't get discouraged (speaking from experience) :)

-Brandon
