Hi there,
I have a fresh install of freeBSD 11.
I've setup some configuration for interfaces startup in rc.conf along with firewall_enable="YES" and added some rules to to rc.firewall (I've override the existing file with empty file)
So now, after booting, my ipfw is online, and only the default rule is there (deny all).
But I've noticed that if I pinging the machine while it booting, I have something like 1sec when interfaces are up and the firewall is not, so I get echo reply.
This is bad behavior for me.
To solve this I made a horrible workaround where I added this lines into rc.firewall:
So I have 2 questions:
1. why does the FreeBSD enables the interfaces before the firewall
2. is there more elegant way to solve this ?
Thanks !
I have a fresh install of freeBSD 11.
I've setup some configuration for interfaces startup in rc.conf along with firewall_enable="YES" and added some rules to to rc.firewall (I've override the existing file with empty file)
So now, after booting, my ipfw is online, and only the default rule is there (deny all).
But I've noticed that if I pinging the machine while it booting, I have something like 1sec when interfaces are up and the firewall is not, so I get echo reply.
This is bad behavior for me.
To solve this I made a horrible workaround where I added this lines into rc.firewall:
Code:
late_config()
{
sleep 5
ifconfig em0 up
}
late_config &So I have 2 questions:
1. why does the FreeBSD enables the interfaces before the firewall
2. is there more elegant way to solve this ?
Thanks !