On 1/5/15 9:51 PM, Luigi Rizzo wrote:
On Mon, Jan 5, 2015 at 2:41 PM, Olivier Cochard-Labbé
wrote:
I believe that when Luigi says "that acts before the firewall has a chance
to see the packets", he was not speaking of the RC script order, but about
the FreeBSD network stack layer order.
Do yo
On Mon, Jan 5, 2015 at 2:41 PM, Olivier Cochard-Labbé
wrote:
> On Mon, Jan 5, 2015 at 1:28 PM, Willy Offermans > wrote:
>
>> Hello Luigi and FreeBSD friends,
>>
>> I do top posting.
>>
>> So there might be a chance that something slips through the firewall
>> between the start of the firewall and
On Mon, Jan 5, 2015 at 1:28 PM, Willy Offermans
wrote:
> Hello Luigi and FreeBSD friends,
>
> I do top posting.
>
> So there might be a chance that something slips through the firewall
> between the start of the firewall and after the bpf traffic of dhclient.
> Once the NIC is configured, traffic
Hello Luigi and FreeBSD friends,
I do top posting.
So there might be a chance that something slips through the firewall
between the start of the firewall and after the bpf traffic of dhclient.
Once the NIC is configured, traffic is possible in principle.
Would it be better to start the bpf traffi
dhclient uses bpf to send and receive traffic,
and that acts before the firewall has a chance
to see the packets.
There is a chance that incoming packets are
also passed to the network stack, but they
are probably discarded before the firewall
because the interface does not have an address yet.
c
Hello Olivier and FreeBSD friends,
On Mon, Jan 05, 2015 at 11:33:18AM +0100, Olivier Cochard-Labbé wrote:
> I'm using a pretty simple configuration:
>
> My rc.conf:
> ifconfig_sis0="DHCP"
> firewall_enable="YES"
> firewall_logging="YES"
> firewall_script="/etc/ipfw.rules"
>
> My /etc/ipfw.rules:
Hi. Have the same problem, but with wlan. With rule like below
ipfw add deny log all from any to any
I do not see any packets in ipfw -d show output.
LAN behind wlan interface gets ip-addr, but inet is blocked, of course.
Vitaliy
--- Original Message ---
From: "Olivier Cochard-Labbé"
D
I'm using a pretty simple configuration:
My rc.conf:
ifconfig_sis0="DHCP"
firewall_enable="YES"
firewall_logging="YES"
firewall_script="/etc/ipfw.rules"
My /etc/ipfw.rules:
#!/bin/sh
fwcmd="/sbin/ipfw -q"
${fwcmd} -f flush
${fwcmd} add pass ip from any to any via lo0
${fwcmd} add deny log ip fro