NATD: net.inet.ip.fw.default_to_accept=1 vs firewall_type=OPEN

2013-10-10 Thread Chris Stankevitz
Hello,

Handbook section 31.9 describes the setup of NAT.

Section 31.9.3 suggests net.inet.ip.fw.default_to_accept=1 during
the first attempts to setup a firewall and NAT gateway.

Section 31.9.5 suggests I specify a predefined firewall ruleset that
allows anything in with firewall_type=OPEN

Question: What is the difference between these two configurations (or
where can I go to learn the difference between the two)?

Thank you,

Chris
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: NATD: net.inet.ip.fw.default_to_accept=1 vs firewall_type=OPEN

2013-10-10 Thread Michael Ross
On Fri, 11 Oct 2013 04:38:45 +0200, Chris Stankevitz chrisstankev...@gmail.com wrote:

Hello,

Handbook section 31.9 describes the setup of NAT.

Section 31.9.3 suggests net.inet.ip.fw.default_to_accept=1 during
the first attempts to setup a firewall and NAT gateway.

Section 31.9.5 suggests I specify a predefined firewall ruleset that
allows anything in with firewall_type=OPEN

Question: What is the difference between these two configurations (or
where can I go to learn the difference between the two)?

Thank you,

Chris


Hello,

ipfw always has one default rule, standard is

65535 deny ip from any to any

If you set net.inet.ip.fw.default_to_accept=1, you get

65535 allow ip from any to any

instead.


Specifying firewall_type=OPEN gives you an additional rule

65000 allow ip from any to any


Now, if for example you execute ``ipfw flush'', thus deleting all rules,
this deletes rule 65000, but the default rule stays in effect.
With ...default_to_accept=0 (standard setting) you now have disabled
all network connections and locked yourself out if you're working remotely.



HTH,
Michael
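As an added illustration (not code from the thread, and not FreeBSD's ipfw itself), here is a small Python model of ipfw's first-match evaluation that shows why the two settings behave the same until ipfw flush removes rule 65000 and only the default rule is left. The rule numbers 65000 and 65535 are the ones Michael quotes; the telnet-deny rule at 100 and the inbound tcp/22 packet are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

DEFAULT_RULE = 65535   # ipfw's built-in default rule; it survives "ipfw flush"
OPEN_RULE = 65000      # the catch-all allow that firewall_type=OPEN installs

@dataclass
class Rule:
    action: str                     # "allow" or "deny"
    proto: Optional[str] = None     # None models "ip" (any protocol)
    dport: Optional[int] = None     # None models any destination port

    def matches(self, proto: str, dport: int) -> bool:
        return self.proto in (None, proto) and self.dport in (None, dport)

@dataclass
class Ipfw:
    default_to_accept: bool                         # net.inet.ip.fw.default_to_accept
    rules: Dict[int, Rule] = field(default_factory=dict)

    def add(self, number: int, rule: Rule) -> None:
        if number >= DEFAULT_RULE:
            raise ValueError("65535 is reserved for the default rule")
        self.rules[number] = rule

    def flush(self) -> None:
        # "ipfw flush" deletes every rule except the default rule
        self.rules.clear()

    def check(self, proto: str, dport: int) -> str:
        # first match wins, in rule-number order; the default rule decides the rest
        for number in sorted(self.rules):
            if self.rules[number].matches(proto, dport):
                return self.rules[number].action
        return "allow" if self.default_to_accept else "deny"

def lockout_demo(default_to_accept: bool) -> Tuple[str, str]:
    # verdict for a constructed inbound tcp/22 packet before and after "ipfw flush"
    fw = Ipfw(default_to_accept)
    fw.add(100, Rule("deny", "tcp", 23))        # a hand-written rule (constructed)
    fw.add(OPEN_RULE, Rule("allow"))            # what firewall_type=OPEN adds
    assert fw.check("tcp", 23) == "deny"        # rule 100 matches before 65000
    before = fw.check("tcp", 22)                # rule 65000 allows it
    fw.flush()                                  # rules 100 and 65000 are gone
    return before, fw.check("tcp", 22)          # only the default rule is left

if __name__ == "__main__":
    print("default_to_accept=0:", lockout_demo(False))  # ('allow', 'deny'): locked out
    print("default_to_accept=1:", lockout_demo(True))   # ('allow', 'allow')
```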


Re: NATD: net.inet.ip.fw.default_to_accept=1 vs firewall_type=OPEN

2013-10-10 Thread Chris Stankevitz
On Thu, Oct 10, 2013 at 8:22 PM, Michael Ross g...@ross.cx wrote:
 ipfw always has one default rule, standard is

 [snip]

 Specifying firewall_type=OPEN gives you an additional rule


Michael,

Thank you that is exactly what I am seeing.

Chris