kldload ipfw, with IPFIREWALL_DEFAULT_TO_ACCEPT
Konstantin Belousov
kostikbel at gmail.com
Mon Jul 29 14:04:47 UTC 2013
On Mon, Jul 29, 2013 at 12:27:40PM +0100, Karl Pielorz wrote:
>
>
> --On 29 July 2013 13:02 +0200 Stefan Esser <se at freebsd.org> wrote:
>
> > I guess you were looking for:
> >
> > net.inet.ip.fw.default_to_accept="1"
> >
> > which is a tunable to be set in /boot/loader.conf ...
>
> Very probably - but that's at boot time :( - Is there nothing I can do at
> kldload time to have the initial kldload give me a 'allow ip from any to
> any' rule as it loads? (thus not affecting traffic on the machine, or more
> importantly the CARP interfaces)?
kenv net.inet.ip.fw.default_to_accept=1
should have the same effect after the usermode is booted. Kenv must
be set before the module is loaded.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20130729/69bb94e7/attachment.sig>
More information about the freebsd-hackers
mailing list