Eliminating IPv6 (?)
Ronald F. Guilmette
rfg at tristatelogic.com
Tue Jun 18 21:27:53 UTC 2019
In message <CAPS9+SvvHLC-MBWpHXBf6utscLyrtPvdtbiekk2OA1y4asH0=w at mail.gmail.com>
Andreas Nilsson <andrnils at gmail.com> wrote:
>But why are you even running rc.firewall if it does not do what you want?
You are asking me the very question that *I* have been asking myself
since my "upgrade" to 12.0.
Why is /etc/rc.firewall even being executed? I never explicitly asked for
that, but that seems to just be a by-product of how things are arranged
these days.... a by-product that I have no direct control over.
>Just set firewall_script="/path/to/script" and your good to go, no ipv6
>anywhere to be found.
That is *not* what the Handbook says. Please read it.
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
The way that I am reading section 30.4.1 is that it is telling the user to
put BOTH of these things into /etc/rc.conf:
firewall_enable="YES"
firewall_type="path-to-my-rules-file"
And indeed, that is -exactly- what I have done on my prior FreeBSD systems...
enable *and* configure.
One or the other of those /etc/rc.conf lines nowadays apparently triggers
/etc/rc.firewall to run. I never explicitly asked for that to run, but
it did anyway. I am just going with the flow.
Regards,
rfg
More information about the freebsd-net
mailing list