From: Eric F Crist
Organization: AdTech Integrated Systems, Inc
Date: Fri, 30 Jan 2004 22:07:24 -0600
Message-Id: <200401302207.35047.ecrist@adtechintegrated.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: where am I supposed to put my rc.firewall?
Reply-To: ecrist@adtechintegrated.com

On Friday 30 January 2004 09:34 pm, JJB wrote:
> firewall_type="/etc/grog.firewall"
>
> is wrong, replace it with
>
> firewall_script='/etc/grog.firewall'
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Eric F
> Crist
> Sent: Friday, January 30, 2004 8:48 PM
> To: Chuck Swiger
> Cc: freebsd-questions@freebsd.org
> Subject: Re: where am I supposed to put my rc.firewall?
>
> On Friday 30 January 2004 06:54 pm, Chuck Swiger wrote:
> > Eric F Crist wrote:
> > > I'm trying to add IPFW support.  Where do I put my rc.firewall so that it
> > > gets read at boot time?  I've tried /usr/local/etc/rc.d and /etc but
> > > neither seems to get read.
> >
> > Specify the location of your firewall script in /etc/rc.conf like so:
> >
> > firewall_enable='YES'
> > firewall_type='/etc/ERICS_firewall'
> > firewall_flags='-p /usr/bin/cpp'
> >
> > [ You might choose to use some other preprocessor... ]
>
> Well, here's what I have now.  I have a file in /etc called grog.firewall.
> Its contents are:
>
> grog# more grog.firewall
> ipfw -f flush
> ipfw add 100 pass all from any to any via lo0
> ipfw add 200 deny all from any to 127.0.0.0/8
> ipfw add 300 deny ip from 127.0.0.0/8 to any
> ipfw add 600 allow all from any to any
>
> In my /etc/rc.conf file, I have the following two entries pertaining to the
> firewall:
>
> firewall_enable="YES"
> firewall_type="/etc/grog.firewall"
>
> Now, this is a headless system, so I access it through the serial port.  I
> don't see any errors anywhere, but my ipfw show command, immediately after
> boot, shows:
>
> 65535 481 38684 deny ip from any to any
>
> What have I done wrong?
> --
> Eric F Crist
> AdTech Integrated Systems, Inc
> (612) 998-3588

Ok, I'll change that.  This script still seems to cause connection problems.
Which rules do I need to change?  This should be a wide-open firewall script,
right?

TIA
-- 
Eric F Crist
AdTech Integrated Systems, Inc
(612) 998-3588
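
Added example (not part of the original message, and not FreeBSD's own code): a small sh check for the mismatch discussed in this thread, a file of "ipfw ..." shell commands named in firewall_type. It assumes stock rc.firewall behaviour, where a file named in firewall_type is handed to ipfw as bare rules and firewall_script is run by sh; the function names, temp paths and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example. Assumption (stock /etc/rc.firewall behaviour): a file named in
# firewall_type is read by ipfw as bare rules; firewall_script is run by sh.

# classify_fw_file FILE -> prints script | ruleset | mixed | empty (heuristic)
classify_fw_file() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }               # skip comments and blank lines
        /^[ \t]*(\/sbin\/)?ipfw[ \t]/ { cmd++; next }   # shell-style "ipfw ..." call
        { rule++ }                                      # anything else: treated as a bare rule
        END {
            if (cmd && rule) print "mixed"
            else if (cmd)    print "script"
            else if (rule)   print "ruleset"
            else             print "empty"
        }' "$1"
}

# rc_value VAR RCFILE -> last assignment of VAR in an rc.conf-style file, unquoted
rc_value() {
    sed -n "s/^$1=[\"']*\([^\"']*\)[\"']*[ ]*\$/\1/p" "$2" | tail -n 1
}

# check_fw RCFILE -> prints a verdict; returns 1 when variable and file format disagree
check_fw() {
    fw_type=$(rc_value firewall_type "$1")
    fw_script=$(rc_value firewall_script "$1")
    if [ -f "$fw_type" ] && [ "$(classify_fw_file "$fw_type")" != ruleset ]; then
        echo "mismatch: firewall_type file is not a bare ruleset"
        return 1
    fi
    if [ -f "$fw_script" ] && [ "$(classify_fw_file "$fw_script")" = ruleset ]; then
        echo "mismatch: firewall_script file holds bare rules"
        return 1
    fi
    echo ok
}

# make_sample VAR -> constructed rc.conf and grog.firewall in a temp dir; prints the dir
make_sample() {
    d=$(mktemp -d /tmp/fwcheck.XXXXXX)
    printf '%s\n' 'ipfw -f flush' 'ipfw add 100 pass all from any to any via lo0' \
        'ipfw add 600 allow all from any to any' > "$d/grog.firewall"
    printf '%s\n' 'firewall_enable="YES"' "$1=\"$d/grog.firewall\"" > "$d/rc.conf"
    echo "$d"
}

a=$(make_sample firewall_type);   check_fw "$a/rc.conf" || true   # the setup quoted above
b=$(make_sample firewall_script); check_fw "$b/rc.conf"           # after the suggested change
rm -rf "$a" "$b"
```

The classification is a line-pattern heuristic: a script that calls ipfw through a variable such as ${fwcmd} will be reported as "ruleset" or "mixed", so read the verdict alongside the file itself.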