On Tue, 15 Dec 2015 23:47:39 +0100, bcs wrote:
[..]
 > I use ipfw but "ipfw -q -f flush" didn't solve the issue. Here are my
[..]
 > /boot/loader.conf:
 > ipfw_load="YES"
 > net.inet.ip.fw.default_to_accept=1

ipfw(8):

     Tunables can be set in loader(8) prompt, loader.conf(5) or kenv(1) before
     ipfw module gets loaded.

     net.inet.ip.fw.default_to_accept: 0
             Defines ipfw last rule behavior. This value overrides options
             IPFW_DEFAULT_TO_(ACCEPT|DENY) from kernel configuration file.

So set the tunable BEFORE loading ipfw.  Check with '# ipfw show | tail' 
or similar to see your rules are really what you expected .. flushing 
wouldn't help if it's still defaulting to deny.

You may find it a better idea using firewall_enable=YES in /etc/rc.conf, 
with firewall_type=OPEN when that's what you want.  You can then change 
your firewall_type on the fly without rebooting - e.g. with sysrc(8) - 
using 'service ipfw restart'.

cheers, Ian
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
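The check suggested above (`ipfw show | tail`), written as a script. This is an added example and not part of the original message. It reads `ipfw show` or `ipfw list` output and reports whether the last rule (65535) accepts or denies. The function names and sample rule lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: report the action of ipfw's last rule (65535).
# On a live host:  ipfw show | check_default_accept

# Print the action word of rule 65535 read from stdin; return 1 if absent.
default_rule_action() {
    awk '
        $1 ~ /^0*65535$/ {
            # "ipfw show" prints packet and byte counters after the rule
            # number, "ipfw list" does not: skip purely numeric fields.
            for (i = 2; i <= NF; i++)
                if ($i !~ /^[0-9]+$/) { print $i; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    '
}

# Return 0 if the last rule accepts, 1 if it does not, 2 if it is missing.
check_default_accept() {
    action=$(default_rule_action) || {
        echo "rule 65535 not found in input" >&2
        return 2
    }
    case "$action" in
        allow|accept|pass|permit)
            echo "last rule: $action (default_to_accept is in effect)"
            return 0 ;;
        *)
            echo "last rule: $action (default_to_accept is NOT in effect)"
            return 1 ;;
    esac
}

# Constructed sample output, not taken from the thread.
# "ipfw show" style, module loaded with the default-deny last rule:
SAMPLE_DENY='00100   0     0 allow ip from any to any via lo0
65535  42  3360 deny ip from any to any'
# "ipfw list" style, tunable set before the module was loaded:
SAMPLE_ACCEPT='00100 allow ip from any to any via lo0
65535 allow ip from any to any'

# Demo on the samples ("|| true" keeps a deny result from aborting the run).
printf '%s\n' "$SAMPLE_DENY"   | check_default_accept || true
printf '%s\n' "$SAMPLE_ACCEPT" | check_default_accept || true
```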
