Thanks, I suppose I should have been able to figure that one out... if I could
log in! I will fix it when I get home. :-)
On Thursday, October 26, 2000 1:32 PM, Bill Fumerola [SMTP:[EMAIL PROTECTED]]
wrote:
> On Thu, Oct 26, 2000 at 01:31:03PM -0700, Glen Gross wrote:
> >
> > I built a 4.1.1 kernel, and the module was built, but when I load the ipfw
> > module with
> >
> > #kldload ipfw
> >
> > it defaults to a deny_all policy, even though I have default_to_accept in
my
> >
> > kernel configuration.
> > This makes it difficult to configure remotely without getting locked out of
> > the
> > system.
> > Is there a way to cause the ipfw module to default to a different policy
> > upon
> > loading?
> > For now it appears that I am locked out, until I can access the console.
>
> Your kernel configuration has ABSOLUTLY NOTHING to do with your module
builds.
>
>
> [hawk-billf] /usr/src > cat sys/modules/ipfw/Makefile
> # $FreeBSD: src/sys/modules/ipfw/Makefile,v 1.13 2000/05/27 01:13:50 peter
Exp
> $
>
> .PATH: ${.CURDIR}/../../netinet
> KMOD= ipfw
> SRCS= ip_fw.c
> NOMAN=
> CFLAGS+= -DIPFIREWALL
> #
> #If you want it verbose
> #CFLAGS+= -DIPFIREWALL_VERBOSE
> #CFLAGS+= -DIPFIREWALL_VERBOSE_LIMIT=100
> #
> #If you want it to pass all packets by default
> #CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT
> #
>
> Guess what you should uncomment....
>
> --
> Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
> [EMAIL PROTECTED] / [EMAIL PROTECTED]
>
Glen M. Gross
Unix Technical Support Specialist
Symark Software
5716 Corsa Avenue, Suite 200
Westlake Village, CA 91362
http://www.symark.com
[EMAIL PROTECTED]
Main: 800-234-9072 or 818-865-6100
Main fax: 818-889-1894
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
