strange problem with ipfw and rc.conf
Hi all:
I have strange probelm with rc.conf. I set up ipfw
(compiled into kernel) on freebsd-5.4 and it doesn't
seem to load ipfw rulesets (it uses default ruleset
65335 locking out everything). I have to do "sh
/etc/ipfw.rules" in order to load the rulesets, once I
did that, I can access the box from remote locations
here is my rc.conf:
host# more /etc/rc.conf
network_interfaces="lo0 em0 dc0 rl0 plip0"
kern_securelevel="2"
kern_securelevel_enable="YES"
linux_enable="YES"
named_enable="YES"
nisdomainname="NO"
sshd_enable="YES"
usbd_enable="YES"
hostname="sis"
tcp_keepalive="YES"
tcp_extensions="YES"
ifconfig_em0="inet 192.168.128.222/24"
ifconfig_dc0="inet 192.168.1.4/24"
ifconfig_rl0="inet 10.10.75.126/24"
defaultrouter="192.168.128.1"
static_routes="net1 net2"
route_net1="-net 192.168.0.0/22 192.168.1.1"
route_net2="-net 10.10.0.0/16 10.10.128.1"
firewall_script="/etc/ipfw.rules"
firewall_type="simple"
firewall_quiet="YES"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
mpd_enable="YES"
also my customized kernel (partial):
options IPFIREWALL
#firewall
options IPFIREWALL_VERBOSE
#enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=10 #limit
verbosity
#options IPFIREWALL_DEFAULT_TO_ACCEPT #allow
everything by default
options IPFIREWALL_FORWARD
#packet destination changes
options IPFIREWALL_FORWARD_EXTENDED #all
packet dest changes
options IPDIVERT
#divert sockets
TIA
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 1 之 10 篇):