Bob Johnson writes:

> On my test system, the IPv6 ruleset is loaded first, and then
> when the IPv4 ruleset is loaded, the flush command in rc.firewall
> removes all of the IPv6 rules, so I end up with default deny for
> IPv6, plus all of my normal IPv4 rules. It's possible that this
> interaction explains the other oddities I thought I've seen but
> haven't reliably reproduced.
>
> I fixed it by removing the flush commands from both rc.firewall
> and rc.firewall6, but I expect this broke the proper operation of
> "/etc/rc.d/ipfw restart" (although I haven't actually tested
> that. I just manually flush the rules if I need to restart the
> firewall).

There are a number of good reasons to Not Do That, which others can
explain better than I. Instead let me suggest you make a copy of those
scripts, then ponder this part of my rc.conf:

    firewall_enable="YES"                   # Set to YES to enable firewall functionality
    firewall_type="UNKNOWN"                 # Firewall type (see /etc/rc.firewall)
    firewall_script="/etc/ipfw.master"      # Use this instead of /etc/rc.firewall
    ipv6_firewall_enable="YES"              # Set to YES to enable IPv6 firewall
    ipv6_firewall_type="UNKNOWN"            # see /etc/rc.firewall6
    ipv6_firewall_script="/etc/ipfw.v6.set" # Which script to run to
                                            # set up the IPv6 firewall
    ipv6_firewall_flags=""                  # see /etc/rc.firewall6

Robert Huff
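
One way a pair of custom scripts can avoid the flush interaction described above, shown as an added example that is not from this thread and not the contents of either poster's scripts: each address family keeps its rules in its own ipfw rule set and clears only that set before reloading. The set numbers, rule numbers, sample rules and the v4/v6 argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not a script from the thread. Set numbers, rule numbers and
# the rules themselves are constructed for illustration.
IPFW="${IPFW:-/sbin/ipfw -q}"   # override (e.g. IPFW=echo) for a dry run
V4_SET=4                        # assumed: set holding only IPv4 rules
V6_SET=6                        # assumed: set holding only IPv6 rules

# Delete the rules of one set only. Unlike "flush", this leaves the other
# address family's set loaded. A failure on a first load is ignored.
clear_set() {
    ${IPFW} delete set "$1" || true
}

# Reload the IPv4 rules without touching the IPv6 set.
load_v4() {
    clear_set "${V4_SET}"
    ${IPFW} add 1000 set "${V4_SET}" allow ip4 from any to any via lo0
    ${IPFW} add 1200 set "${V4_SET}" allow ip4 from me to any keep-state
    ${IPFW} add 1900 set "${V4_SET}" deny log ip4 from any to any
}

# Reload the IPv6 rules without touching the IPv4 set.
load_v6() {
    clear_set "${V6_SET}"
    ${IPFW} add 2000 set "${V6_SET}" allow ip6 from any to any via lo0
    # Neighbor solicitation/advertisement, needed for basic IPv6 operation.
    ${IPFW} add 2100 set "${V6_SET}" allow ipv6-icmp from any to any icmp6types 135,136
    ${IPFW} add 2200 set "${V6_SET}" allow ip6 from me to any keep-state
    ${IPFW} add 2900 set "${V6_SET}" deny log ip6 from any to any
}

# Hypothetical calling convention: pass v4 or v6 as the first argument.
case "${1:-}" in
    v4) load_v4 ;;
    v6) load_v6 ;;
esac
```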