I set these lines in my rc.conf:
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"
cat /etc/ipfw.rules
add 02020 deny ip from table(10) to any
add 02030 deny ip from table(11) to any dst-port 25...
But after reboot, ipfw show:
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
... after that, my rules
But I do not have these lines about ip6 in my ipfw.rules.
How do I disable these useless rules?
You have enabled the IPv6 Firewall without configuring it, so it is defaulting to type "unknown".
Either disable the IPv6 firewall by removing ipv6_firewall_enable="YES", or configure rules for the IPv6 firewall and load them as you are with the IPv4 firewall.
Edit:
The above is true for previous versions of FreeBSD. As of 9.0-STABLE the IPv6 and IPv4 firewall configurations are merged. The new Answer is:
Those firewall entries are considered "mandatory" and can only be disabled by editing the configuration script or rolling your own configuration script.
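
To see exactly which loaded rules came from the startup script rather than from your own rules file, here is an added example (not part of the original thread or of FreeBSD's scripts). The function name `unexpected_rules` is hypothetical and the sample input is constructed from the listings in the question.

```shell
#!/bin/sh
# Added example, not from the original thread.
#
# unexpected_rules FILE
#   Reads `ipfw list` (or `ipfw show`) output on stdin and prints every
#   loaded rule whose number is not defined by an "add NNNNN ..." line in
#   FILE. Rule 65535 is ipfw's built-in default rule, so it is skipped.
#
# Typical use on the firewall host:
#   ipfw list | unexpected_rules /etc/ipfw.rules
unexpected_rules() {
    awk '
        FILENAME == ARGV[1] {             # first input: the rules file
            if ($1 == "add" && $2 ~ /^[0-9]+$/)
                mine[$2 + 0] = 1          # "02020" and "2020" compare equal
            next
        }
        $1 ~ /^[0-9]+$/ {                 # second input: the loaded ruleset
            n = $1 + 0
            if (n != 65535 && !(n in mine))
                print
        }
    ' "$1" -
}

# Constructed sample: one rule from the question's ipfw.rules, and a few
# lines of its `ipfw show` output. The 65535 line is constructed here.
demo() {
    rules=$(mktemp) || return 1
    printf '%s\n' 'add 02020 deny ip from table(10) to any' > "$rules"
    unexpected_rules "$rules" <<'EOF'
00100 allow ip from any to any via lo0
00600 allow ipv6-icmp from :: to ff02::/16
02020 deny ip from table(10) to any
65535 deny ip from any to any
EOF
    rm -f "$rules"
}

demo
```

Any line it prints is a rule that something other than your rules file installed, which makes it a quick check after a reboot or an upgrade.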