
Thread: Converting from IPFW to IPFILTER




2005-10-10 15:51:55
On 10/10/05, Aaron Peterson <dopplecodergmail.com> wrote:
> Thanks. The problem is it is on a production machine that I can not have down
> for any length of time. So recompiling the kernel to remove IPFW support, and
> then configuring, troubleshooting, and tweaking IPFILTER would have access
> down too long. I'd prefer to switch back and forth from the command line
> while I get IPFILTER configured and working correctly. Then on my next
> quarterly BUILDWORLD, I can also recompile the kernel to remove IPFW support.

You can add an ipfw rule (#1 for instance) allowing all traffic.
However if you use other protocols besides IP on your network, this
might have unexpected side effects.  My understanding is that the
default deny policy drops everything that isn't IP traffic, and there
is no way to allow it using rules at that point.  Someone please
correct me if I'm wrong.  A default accept policy with a "deny all"
rule functions similarly, still allowing all non-IP traffic.  If you
don't foresee this causing problems, you should be fine with a single
"allow all" rule until your change window arrives.

Aaron