On Tue, Jun 18, 2019, 23:28 Ronald F. Guilmette <r...@tristatelogic.com> wrote:
> In message <CAPS9+SvvHLC-MBWpHXBf6utscLyrtPvdtbiekk2OA1y4asH0= > w...@mail.gmail.com> > Andreas Nilsson <andrn...@gmail.com> wrote: > > >But why are you even running rc.firewall if it does not do what you want? > > You are asking me the very question that *I* have been asking myself > since my "upgrade" to 12.0. > > Why is /etc/rc.firewall even being executed? I never explicitly asked for > that, but that seems to just be a by-product of how things are arranged > these days.... a by-product that I have no direct control over. > > >Just set firewall_script="/path/to/script" and your good to go, no ipv6 > >anywhere to be found. > > That is *not* what the Handbook says. Please read it. > > > https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html > > Ok, so the handbook is wrong. It's a bug in the documentation. > The way that I am reading section 30.4.1 is that it is telling the user to > put BOTH of these things into /etc/rc.conf: > > firewall_enable="YES" > firewall_type="path-to-my-rules-file" > > And indeed, that is -exactly- what I have done on my prior FreeBSD > systems... > enable *and* configure. > > One or the other of those /etc/rc.conf lines nowadays apparently triggers > /etc/rc.firewall to run. I never explicitly asked for that to run, but > it did anyway. I am just going with the flow. > As soon as set firewall_script instead of firewall_type your problems will be solved. Just try it. The man page for rc.conf will tell you the same thing. > > > Regards, > rfg > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org" > _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
