Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 26 Jan 2006 15:34:39 -0800 (PST)
From:      gahn <ipfreak@yahoo.com>
To:        freebsd security <freebsd-security@freebsd.org>, freebsd general questions <freebsd-questions@freebsd.org>
Subject:   strange problem with ipfw and rc.conf
Message-ID:  <20060126233439.62351.qmail@web52101.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help 
Hi all:

I have strange probelm with rc.conf. I set up ipfw
(compiled into kernel) on freebsd-5.4 and it doesn't
seem to load ipfw rulesets (it uses default ruleset
65335 locking out everything). I have to do "sh
/etc/ipfw.rules" in order to load the rulesets, once I
did that, I can access the box from remote locations

here is my rc.conf:

host# more /etc/rc.conf

network_interfaces="lo0 em0 dc0 rl0 plip0"
kern_securelevel="2"
kern_securelevel_enable="YES"
linux_enable="YES"
named_enable="YES"
nisdomainname="NO"
sshd_enable="YES"
usbd_enable="YES"
hostname="sis"
tcp_keepalive="YES"
tcp_extensions="YES"
ifconfig_em0="inet 192.168.128.222/24"
ifconfig_dc0="inet 192.168.1.4/24"
ifconfig_rl0="inet 10.10.75.126/24"
defaultrouter="192.168.128.1"
static_routes="net1 net2"
route_net1="-net 192.168.0.0/22 192.168.1.1"
route_net2="-net 10.10.0.0/16 10.10.128.1"
firewall_script="/etc/ipfw.rules" 
firewall_type="simple"
firewall_quiet="YES"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"       
ipmon_enable="YES"                      
ipmon_flags="-Ds"                      
mpd_enable="YES"

also my customized kernel (partial):

options         IPFIREWALL                     
#firewall
options         IPFIREWALL_VERBOSE             
#enable logging to syslogd(8)
options         IPFIREWALL_VERBOSE_LIMIT=10     #limit
verbosity
#options        IPFIREWALL_DEFAULT_TO_ACCEPT    #allow
everything by default
options         IPFIREWALL_FORWARD             
#packet destination changes
options         IPFIREWALL_FORWARD_EXTENDED     #all
packet dest changes
options         IPDIVERT                       
#divert sockets

TIA


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060126233439.62351.qmail>