kldload ipfw, with IPFIREWALL_DEFAULT_TO_ACCEPT

Konstantin Belousov kostikbel at gmail.com
Mon Jul 29 14:04:47 UTC 2013


On Mon, Jul 29, 2013 at 12:27:40PM +0100, Karl Pielorz wrote:
> 
> 
> --On 29 July 2013 13:02 +0200 Stefan Esser <se at freebsd.org> wrote:
> 
> > I guess you were looking for:
> >
> > 	net.inet.ip.fw.default_to_accept="1"
> >
> > which is a tunable to be set in /boot/loader.conf ...
> 
> Very probably - but that's at boot time :( - Is there nothing I can do at 
> kldload time to have the initial kldload give me an 'allow ip from any to 
> any' rule as it loads? (thus not affecting traffic on the machine, or more 
> importantly the CARP interfaces)?

kenv net.inet.ip.fw.default_to_accept=1
should have the same effect after the usermode is booted.  Kenv must
be set before the module is loaded.
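
The procedure described above, written out as an added example that is not part of the original message: it sets the kenv variable, loads the module, and confirms that rule 65535 came up as allow. It assumes FreeBSD, root privileges, and ipfw built as a loadable module; the function names and the sample `ipfw list` output are constructed for illustration.

```sh
#!/bin/sh
# Added example: load ipfw at runtime with a default-accept rule 65535.
# Assumes FreeBSD, root, and ipfw available as a loadable module.

TUNABLE="net.inet.ip.fw.default_to_accept"

# Read `ipfw list` output on stdin and print the action of rule 65535.
# Exits non-zero if the default rule is not present in the input.
default_rule_action() {
    awk '$1 == "65535" { print $2; found = 1 } END { exit found ? 0 : 1 }'
}

# Set the kenv variable, load the module, then confirm the default rule.
load_ipfw_default_accept() {
    # The kenv value must be in place before the module loads, so setting
    # it for an already loaded ipfw would change nothing: stop instead.
    if kldstat -q -m ipfw; then
        echo "ipfw is already loaded; $TUNABLE will not be re-read" >&2
        return 1
    fi
    kenv "$TUNABLE=1" >/dev/null || return 1
    kldload ipfw || return 1
    action=$(ipfw list | default_rule_action) || action="missing"
    if [ "$action" != "allow" ]; then
        echo "default rule is '$action', expected 'allow'" >&2
        return 1
    fi
    echo "ipfw loaded, rule 65535 is allow"
}

# Constructed samples of `ipfw list` output, for checking the parser offline.
SAMPLE_ACCEPT='00100 allow ip from any to any via lo0
65535 allow ip from any to any'
SAMPLE_DENY='65535 deny ip from any to any'

# Run the procedure only when invoked with "run" (as root, on FreeBSD).
if [ "${1:-}" = "run" ]; then
    load_ipfw_default_accept
fi
```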