Mention IPFIREWALL_DEFAULT_TO_ACCEPT and it's effect on rule 65535.

author: peter <peter@FreeBSD.org> 1997-09-10 03:11:36 +0000
committer: peter <peter@FreeBSD.org> 1997-09-10 03:11:36 +0000
commit: b26809e50b299d3f5038597d967f9a730de7d88d (patch)
tree: 3fe97dc9dba1251b3202aa7f1b7244a15008e5f5 /share/man/man4/ipfirewall.4
parent: 85d28c393b5b832b050e4fc51e0c113811252b1e (diff)
download: FreeBSD-src-b26809e50b299d3f5038597d967f9a730de7d88d.zip
FreeBSD-src-b26809e50b299d3f5038597d967f9a730de7d88d.tar.gz
1 files changed, 6 insertions, 3 deletions
diff --git a/share/man/man4/ipfirewall.4 b/share/man/man4/ipfirewall.4
index 9ad1ee3..2e9d124 100644
--- a/share/man/man4/ipfirewall.4
+++ b/share/man/man4/ipfirewall.4
@@ -1,5 +1,5 @@
 .\"
-.\"     $Id: ipfirewall.4,v 1.6.2.2 1997/03/07 03:07:41 mpp Exp $
+.\"     $Id: ipfirewall.4,v 1.10 1997/06/23 02:12:21 julian Exp $
 .\"
 .Dd June 22, 1997
 .Dt IPFIREWALL 4
@@ -23,8 +23,11 @@ which point the corresponding action is taken. Rules are numbered
 from 1 to 65534; multiple rules may share the same number.
 .Pp
 There is one rule that always exists, rule number 65535. This rule
-causes all packets to be dropped. Hence, any packet which does not
-match a lower numbered rule will be dropped.
+normally causes all packets to be dropped. Hence, any packet which does not
+match a lower numbered rule will be dropped.  However, a kernel compile
+time option
+.Dq IPFIREWALL_DEFAULT_TO_ACCEPT
+allows the administrator to change this fixed rule to permit everything.
 .Pp
 The value passed to 
 .Fn setsockopt
author	peter <peter@FreeBSD.org>	1997-09-10 03:11:36 +0000
committer	peter <peter@FreeBSD.org>	1997-09-10 03:11:36 +0000
commit	b26809e50b299d3f5038597d967f9a730de7d88d (patch)
tree	3fe97dc9dba1251b3202aa7f1b7244a15008e5f5 /share/man/man4/ipfirewall.4
parent	85d28c393b5b832b050e4fc51e0c113811252b1e (diff)
download	FreeBSD-src-b26809e50b299d3f5038597d967f9a730de7d88d.zip FreeBSD-src-b26809e50b299d3f5038597d967f9a730de7d88d.tar.gz