On 21.09.2014 09:58, Hiroki Sato wrote:
> Hi,
>
> I would like your comments about the attached patch to /etc/rc.
>
> The problem I want to fix by this patch is as follows.
> net.inet{,6}.fw.enable are set to 1 by default at boot time if IPFW
> kernel module is loaded or statically compiled into a kernel. And by
> default IPFW has only a "deny ip from any to any" rule if it is
> compiled without IPFIREWALL_DEFAULT_TO_ACCEPT option. In this case,
> the default-deny rule can prevent rc.d scripts before rc.d/ipfw from
> working as described in the patch.
>
> To fix this, the patch turns IPFW off before running rc.d scripts at
> boot time, and enables it again in rc.d/ipfw script.

Hi,

I think this should be configurable; the change can be unexpected for someone.

--
WBR, Andrey V. Elsukov