On 10/10/05, Aaron Peterson <[EMAIL PROTECTED]> wrote:
> Thanks. The problem is it is on a production machine that I can not have down
> for any length of time. So recompiling the kernel to remove IPFW support, and
> then configuring, troubleshooting, and tweaking IPFILTER would have access
> down too long. I'd prefer to switch back and forth from the command line
> while I get IPFILTER configured and working correctly. Then on my next
> quarterly BUILDWORLD, I can also recompile the kernel to remove IPFW support.

You can add an ipfw rule (#1 for instance) allowing all traffic. However, if you use other protocols besides IP on your network, this might have unexpected side effects. My understanding is that the default deny policy drops everything that isn't IP traffic, and there is no way to allow it using rules at that point. Someone please correct me if I'm wrong. A default accept policy with a "deny all" rule functions similarly, still allowing all non-IP traffic.

If you don't foresee this causing problems, you should be fine with a single "allow all" rule until your change window arrives.

Aaron

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"