ipfw firewall_type 'OPEN'

2009-05-18 Thread Sebastian Mellmann
Hi everyone!

I've set the following parameters in rc.conf:

gateway_enable=YES
firewall_enable=YES
firewall_type=OPEN
firewall_logging=YES

When I took a look at the ruleset I see:

00010 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any


The problem is, if I execute my own ipfw script and flush the rules via
'ipfw -q -f flush'
and
'ipfw -q -f pipe flush'
I'm losing my ssh connection to that machine.
Is there any chance to remove the rule 65535 or change it to allow
instead of deny?

I've got another FreeBSD machine here (7.0) where the default setting is
'65535 allow ip from any to any', when using firewall_type OPEN.
Both rc.conf files are the same!


Regards,
Sebastian

___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org


Re: ipfw firewall_type 'OPEN'

2009-05-18 Thread Marius Nünnerich
On Mon, May 18, 2009 at 14:04, Sebastian Mellmann
<sebastian.mellm...@net.t-labs.tu-berlin.de> wrote:
> Hi everyone!
>
> I've set the following parameters in rc.conf:
>
> gateway_enable=YES
> firewall_enable=YES
> firewall_type=OPEN
> firewall_logging=YES
>
> When I took a look at the ruleset I see:
>
> 00010 allow ip from any to any via lo0
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
>
> The problem is, if I execute my own ipfw script and flush the rules via
> 'ipfw -q -f flush'
> and
> 'ipfw -q -f pipe flush'
> I'm losing my ssh connection to that machine.
> Is there any chance to remove the rule 65535 or change it to allow
> instead of deny?
>
> I've got another FreeBSD machine here (7.0) where the default setting is
> '65535 allow ip from any to any', when using firewall_type OPEN.
> Both rc.conf files are the same!


There is a kernel option to do that, see ipfw(4).
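
An added example, not written by either poster: rule 65535 is the default rule, which `ipfw flush` cannot delete, so its action decides whether a flush run over SSH cuts the session. The sketch below reads `ipfw list` output and reports that before any flush; the function names are made up for this example and the two sample listings are constructed from the rules quoted in the thread.

```shell
#!/bin/sh
# Added example: check the default rule (65535) before running
# 'ipfw -q -f flush' over a remote session. Function names are hypothetical.

# Print the action of rule 65535 from 'ipfw list' output on stdin.
# Exit status 1 if the listing contains no rule 65535.
default_rule_action() {
    awk '$1 == "65535" { print $2; found = 1 } END { exit found ? 0 : 1 }'
}

# Return 0 if the rule that survives a flush accepts traffic,
# 1 if it denies traffic or cannot be determined (fail closed).
flush_is_safe() {
    action=$(default_rule_action) || return 1
    case "$action" in
        allow|accept|pass|permit) return 0 ;;  # synonyms listed in ipfw(8)
        *) return 1 ;;
    esac
}

# Constructed samples: the listing from the post, and the same listing with
# the default rule the poster reports seeing on the 7.0 machine.
RULES_DENY='00010 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any'
RULES_ALLOW='00010 allow ip from any to any via lo0
65000 allow ip from any to any
65535 allow ip from any to any'

# usage: check "<ipfw list output>"
check() {
    if printf '%s\n' "$1" | flush_is_safe; then
        echo "flush-safe"
    else
        echo "flush-would-lock-out"
    fi
}

# On a live FreeBSD host (assumption: run as root): ipfw list | flush_is_safe
check "$RULES_DENY"
check "$RULES_ALLOW"
```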