On Monday 15 June 2009 13:16:56 Paul B. Mahol wrote: > On 6/15/09, subbsd <sub...@gmail.com> wrote: > > Hello > > > > On Monday 15 June 2009 12:37:08 membrana wrote: > >> subbsd wrote: > >> > Hello maillist, > >> > > >> > Whether there is a way for booting GENERIC kernel with > >> > ipfw_load="YES" > >> > > >> > and > >> > > >> > 65535 allow ip from any to any > >> > > >> > rules without recompile kernel with options > >> > IPFIREWALL_DEFAULT_TO_ACCEPT ? > >> > > >> > This is single options who force me customize my own kernel with > >> > freebsd- > >> > update. > >> > > >> > Thanks! > >> > >> put ipfw_load="YES" in /boot/loader.conf - keep in mind default is deny > > > > ... > > As i understand, no way for make permit by default when ipfw.ko is > > loading, before running rc-/user-scripts (rc/rc.firewall...) ? Thanks > > put "net.inet.ip.fw.default_to_accept=1" in /etc/sysctl.conf > > I guess that rc.d/sysctl is run before rc.d/ipfw
Perfect, thats what i needs. OID net.inet.ip.fw.default_to_accept is read-only for userland/sysctl. I change this value in /boot/loader.conf. Thanks Paul! _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"