On Fri, 11 Oct 2013 04:38:45 +0200, Chris Stankevitz
<chrisstankev...@gmail.com> wrote:
Hello,
Handbook section 31.9 describes the setup of NAT.
Section 31.9.3 suggests net.inet.ip.fw.default_to_accept="1" "during
the first attempts to setup a firewall and NAT gateway".
Section 31.9.5 suggests I "specify a predefined firewall ruleset that
allows anything in" with firewall_type="OPEN"
Question: What is the difference between these two configurations (or
where can I go to learn the difference between the two)?
Thank you,
Chris
Hello,
ipfw always has one default rule, standard is
65535 deny ip from any to any
If you set net.inet.ip.fw.default_to_accept="1", you get
65535 allow ip from any to any
instead.
Specifying firewall_type="OPEN" gives you an additional rule
65000 allow ip from any to any
Now, if for example you execute ``ipfw flush'', thus deleting all rules,
this deletes rule 65000, but the default rule stays in effect.
With ...default_to_accept="0" (standard setting) you now have disabled
all network connections and locked yourself out if you're working remotely.
HTH,
Michael
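As an added example (not part of the thread): a small POSIX shell script that takes a captured `ipfw list` listing, shows which rules survive `ipfw flush`, and reports whether the remaining default rule would cut off a remote session. The listing is constructed and the function names are my own.

```shell
# Added helper, not from the thread: reason about a captured `ipfw list`
# listing without touching a live firewall, so you can see what survives
# an `ipfw flush` before running it over ssh.

# Constructed sample: what `ipfw list` shows with firewall_type="OPEN" and
# the standard net.inet.ip.fw.default_to_accept="0".
SAMPLE_OPEN='00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any'

# Text of the default rule for a given net.inet.ip.fw.default_to_accept value.
default_rule_for() {
    if [ "$1" = "1" ]; then
        echo "65535 allow ip from any to any"
    else
        echo "65535 deny ip from any to any"
    fi
}

# Rebuild a listing with the default rule implied by the sysctl value.
with_default() {
    printf '%s\n' "$1" | awk '$1 != "65535"'
    default_rule_for "$2"
}

# Simulate `ipfw flush`: every rule goes except the built-in default rule 65535.
rules_after_flush() {
    printf '%s\n' "$1" | awk '$1 == "65535"'
}

# Action of the first unqualified "ip from any to any" rule, i.e. the policy a
# remote session falls under once nothing more specific matches it.
catch_all_action() {
    printf '%s\n' "$1" | awk 'NF == 7 && $3 == "ip" && $5 == "any" && $7 == "any" { print $2; exit }'
}

# True (exit 0) when flushing this listing leaves a deny default behind,
# which drops every network connection including your own.
flush_locks_out() {
    [ "$(catch_all_action "$(rules_after_flush "$1")")" = "deny" ]
}

# Stand-alone run: the OPEN ruleset under both sysctl settings.
for v in 0 1; do
    rules="$(with_default "$SAMPLE_OPEN" "$v")"
    printf 'default_to_accept=%s: before flush %s, after flush %s\n' "$v" \
        "$(catch_all_action "$rules")" "$(catch_all_action "$(rules_after_flush "$rules")")"
    if flush_locks_out "$rules"; then echo '  -> flush would lock you out'; fi
done
```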
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions