Disabling the default filter and IP forwarding (NT/Linux/Solaris/Nokia) (4.1/NG)

Disabling the default filter and IP forwarding (NT/Linux/Solaris/Nokia) (4.1/NG)

To disable "Control IP Forwarding" and the default filter, run the commands below. You can confirm these settings by looking at $FWDIR/boot/boot.conf:

Solaris,
$FWDIR/boot/fwboot bootconf set_ipf 0
$FWDIR/boot/fwboot bootconf set_def 0

Windows NT stores this information in the registry:

HKLM\System\CurrentControlSet\Services\FW1\Parameters
IPForwarding = (DWORD)0xffffffff (when set_ipf 0)
IPForwarding = (DWORD)0x1 (when set_ipf 1)
DefaultFilter = <deleted> (when set_def 0)
DefaultFilter = "<path>" (when set_def <path>)

%SYSTEMROOT%\system32\default.bin is the default for <path>. you can generate this filter with `fw defaultgen`, which will turn %FWDIR%\conf\defaultfilter.pf into %FWDIR\%state\default.bin, which you can then copy over.

On Nokia and 4.1, simply renaming $FWDIR/conf/default.bin prevents the firewall from loading a policy after a reboot, which is NOT desirable

The filters are stored as follows,
$FWDIR/lib/defaultfilter.boot
$FWDIR/lib/defaultfilter.drop

20/MAY/02 Jim Parker

< back