I'm using a pretty simple configuration:
My rc.conf:
ifconfig_sis0="DHCP"
firewall_enable="YES"
firewall_logging="YES"
firewall_script="/etc/ipfw.rules"
My /etc/ipfw.rules:
#!/bin/sh
fwcmd="/sbin/ipfw -q".
${fwcmd} -f flush
${fwcmd} add pass ip from any to any via lo0
${fwcmd} add deny log ip fro
Hi. Have the same problem, but with wlan. With rule like below
Ipfw add deny log all from any to any
i do not see any packets in ipfw -d show output.
LAN behind wlan interface gets ip-addr, but inet is blocked, of course.
Vitaliy
--- Original Message ---
From: "Olivier Cochard-Labbé"
D
Hello Olivier and FreeBSD friends,
On Mon, Jan 05, 2015 at 11:33:18AM +0100, Olivier Cochard-Labbé wrote:
> I'm using a pretty simple configuration:
>
> My rc.conf:
> ifconfig_sis0="DHCP"
> firewall_enable="YES"
> firewall_logging="YES"
> firewall_script="/etc/ipfw.rules"
>
> My /etc/ipfw.rules:
dhclient uses bpf to send and receive traffic,
and that acts before the firewall has a chance
to see the packets.
There is a chance that incoming packets are
also passed to the network stack, but they
are probably discarded before the firewall
because the interface does not have an address yet.
c
Hello Luigi and FreeBSD friends,
I do top posting.
So there might be a chance that someting slips through the firewall
between the start of the firewall and after the bpf traffic of dhclient.
Once the NIC is configured, traffic is possible in principle.
Would it be better to start the bpf traffi
On Mon, Jan 5, 2015 at 1:28 PM, Willy Offermans
wrote:
> Hello Luigi and FreeBSD friends,
>
> I do top posting.
>
> So there might be a chance that someting slips through the firewall
> between the start of the firewall and after the bpf traffic of dhclient.
> Once the NIC is configured, traffic
On Mon, Jan 5, 2015 at 2:41 PM, Olivier Cochard-Labbé
wrote:
> On Mon, Jan 5, 2015 at 1:28 PM, Willy Offermans > wrote:
>
>> Hello Luigi and FreeBSD friends,
>>
>> I do top posting.
>>
>> So there might be a chance that someting slips through the firewall
>> between the start of the firewall and
On 1/5/15 9:51 PM, Luigi Rizzo wrote:
On Mon, Jan 5, 2015 at 2:41 PM, Olivier Cochard-Labbé
wrote:
I believe that when Luigi says "that acts before the firewall has a chance
to see the packets", he was not speaking of the RC script order, but about
the FreeBSD network stack layer order.
Do yo
