Eliminating IPv6 (?)
Andreas Nilsson
andrnils at gmail.com
Tue Jun 18 12:22:49 UTC 2019
On Tue, Jun 18, 2019 at 2:16 PM Robert Huff <roberthuff at rcn.com> wrote:
>
> Ronald F. Guilmette writes:
>
> > >Instead of messing with the system provided file you could
> > >create a new one with only your own desired rules and then set
> > >this rc.conf variable:
> > >
> > > firewall_script="/etc/rc.firewall"
> >
> > Actually, no, that's not how one is supposed to enable one's own set
> > of ipfw rules. To do that, the Handbook (Sec. 30.4.1) says very clearly
> > that one should do:
> >
> > firewall_enable="YES"
> > firewall_type="path-to-my-rules-file"
> >
> > But I'm glad you brought it up. The funny thing is that even that
> > doesn't work properly nowadays *or* like it used to in the past.
>
> If this is true - haven't checked personally - then it's a bug.
> (And a non-trivial one, the fact you're the first to report it
> notwithstanding.)
> Can you please open a bug report?
>
>
> Respectfully,
>
>
> Robert Huff
>
The bug being that firewall_type is used to specify a type in the default
/etc/rc.firewall file and firewall_script should be used to provide the
path to one's own ipfw script, right?

I have no ipv6 rules in ipfw when configuring rc.conf as:

firewall_enable="YES"
firewall_script="/etc/ipfw.rules".

The man page for rc.conf states:

     firewall_script
                 (str) This variable specifies the full path to the firewall
                 script to run.  The default is /etc/rc.firewall.

     firewall_type
                 (str) Names the firewall type from the selection in
                 /etc/rc.firewall, or the file which contains the local
                 firewall ruleset.  Valid selections from /etc/rc.firewall
                 are:

                 open      unrestricted IP access
                 closed    all IP services disabled, except via "lo0"
                 client    basic protection for a workstation
                 simple    basic protection for a LAN.

                 If a filename is specified, the full path must be given.

Best regards
Andreas
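
The distinction discussed in this thread, as an added example that is not part of the original message: a small sh check that reads an rc.conf-style file and reports whether a custom firewall_script runs, or whether the stock /etc/rc.firewall runs with a named type or a rules file. The function name classify_fw, its output labels, and the sample file contents are assumptions made for this sketch; the four type names are the ones listed in the man page excerpt quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): classify ipfw settings in an
# rc.conf-style file. classify_fw and its labels are hypothetical names.

classify_fw() {
    # Source the file in a subshell so its variables do not leak out.
    (
        firewall_enable="NO"
        firewall_script="/etc/rc.firewall"  # default per the quoted rc.conf(5) text
        firewall_type=""                    # treated as unset in this sketch
        . "$1" || exit 2

        case "$firewall_enable" in
            [Yy][Ee][Ss]) ;;
            *) echo "disabled"; exit 0 ;;
        esac

        # A non-default firewall_script replaces the stock script entirely,
        # so only the rules in that script are loaded.
        if [ "$firewall_script" != "/etc/rc.firewall" ]; then
            echo "custom-script:$firewall_script"
            exit 0
        fi

        # Otherwise the stock script runs and interprets firewall_type.
        case "$firewall_type" in
            open|closed|client|simple)
                echo "stock-script:type=$firewall_type" ;;
            /*) echo "stock-script:rules-file=$firewall_type" ;;
            "") echo "stock-script:no-type" ;;
            *)  # not a listed selection and not a full path
                echo "stock-script:invalid-type=$firewall_type" ;;
        esac
    )
}

# Constructed sample input: the configuration from the message above.
sample=$(mktemp)
printf 'firewall_enable="YES"\nfirewall_script="/etc/ipfw.rules"\n' > "$sample"
classify_fw "$sample"
rm -f "$sample"
```

Sourcing the file mirrors how rc.conf is normally read, so run this only against configuration files you trust.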