Re: NATD: net.inet.ip.fw.default_to_accept="1" vs firewall_type="OPEN"
On Thu, Oct 10, 2013 at 8:22 PM, Michael Ross wrote:
> ipfw always has one default rule, standard is
>
> [snip]
>
> Specifying firewall_type="OPEN" gives you an additional rule

Michael,

Thank you, that is exactly what I am seeing.

Chris
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: NATD: net.inet.ip.fw.default_to_accept="1" vs firewall_type="OPEN"
On Fri, 11 Oct 2013 04:38:45 +0200, Chris Stankevitz wrote:
> Hello,
>
> Handbook section 31.9 describes the setup of NAT.
>
> Section 31.9.3 suggests net.inet.ip.fw.default_to_accept="1" "during the
> first attempts to setup a firewall and NAT gateway".
>
> Section 31.9.5 suggests I "specify a predefined firewall ruleset that
> allows anything in" with firewall_type="OPEN"
>
> Question: What is the difference between these two configurations (or
> where can I go to learn the difference between the two)?
>
> Thank you,
>
> Chris

Hello,

ipfw always has one default rule, standard is

    65535 deny ip from any to any

If you set net.inet.ip.fw.default_to_accept="1", you get

    65535 allow ip from any to any

instead.

Specifying firewall_type="OPEN" gives you an additional rule

    65000 allow ip from any to any

Now, if for example you execute ``ipfw flush'', thus deleting all rules, this deletes rule 65000, but the default rule stays in effect. With ...default_to_accept="0" (standard setting) you now have disabled all network connections and locked yourself out if you're working remotely.

HTH,

Michael

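The rule interaction described in the reply above, as an added example that is not part of the original thread: a pre-flush check that reads `ipfw list`-style text and reports which catch-all rule is in effect before and after a flush. The function names and both sample rulesets are constructed for illustration; on a live system the input would be the output of `ipfw list`.

```shell
#!/bin/sh
# Added example: ruleset text below is constructed, in `ipfw list` format.

# firewall_type="OPEN" with the standard default_to_accept="0"
OPEN_RULES='00100 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any'

# No rules loaded, net.inet.ip.fw.default_to_accept="1"
ACCEPT_RULES='65535 allow ip from any to any'

# Print "<number> <action>" of the first unconditional
# "ip from any to any" rule, i.e. the rule that decides traffic
# nothing earlier matched.
catch_all() {
    awk 'NF == 7 && $3 == "ip" && $4 == "from" && $5 == "any" &&
         $6 == "to" && $7 == "any" { print $1 + 0, $2; exit }'
}

# `ipfw flush` removes every rule except the built-in rule 65535.
surviving_after_flush() {
    awk '$1 + 0 == 65535'
}

# Succeed only if the ruleset still allows traffic after a flush.
flush_is_safe() {
    case "$(surviving_after_flush | catch_all)" in
        "65535 allow") return 0 ;;
        *) return 1 ;;
    esac
}

for name in OPEN_RULES ACCEPT_RULES; do
    eval "rules=\$$name"
    printf '%s: now "%s", after flush "%s"' "$name" \
        "$(printf '%s\n' "$rules" | catch_all)" \
        "$(printf '%s\n' "$rules" | surviving_after_flush | catch_all)"
    if printf '%s\n' "$rules" | flush_is_safe; then
        printf ' -> flush keeps connectivity\n'
    else
        printf ' -> flush locks you out\n'
    fi
done
```
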
NATD: net.inet.ip.fw.default_to_accept="1" vs firewall_type="OPEN"
Hello,

Handbook section 31.9 describes the setup of NAT.

Section 31.9.3 suggests net.inet.ip.fw.default_to_accept="1" "during the first attempts to setup a firewall and NAT gateway".

Section 31.9.5 suggests I "specify a predefined firewall ruleset that allows anything in" with firewall_type="OPEN"

Question: What is the difference between these two configurations (or where can I go to learn the difference between the two)?

Thank you,

Chris