Date: Tue, 01 May 2001 21:20:19 -0500
From: David Kelly <dkelly@hiwaay.net>
To: "Eric J. Schwertfeger" <ejs@bfd.com>
Cc: questions@FreeBSD.ORG, steve@havk.org
Subject: Re: reloading firewall rules remotely
Message-ID: <200105020220.f422KK315533@grumpy.dyndns.org>
In-Reply-To: Message from "Eric J. Schwertfeger" <ejs@bfd.com> of "Tue, 01 May 2001 16:16:03 PDT." <Pine.BSF.4.21.0105011557420.2093-100000@harlie.bfd.com>

"Eric J. Schwertfeger" writes:
>
> The problem with running /etc/rc.firewall remotely is that the first
> thing it does is flush all the rules. If you haven't specified the quiet
> ipfw mode in /etc/rc.conf, it will then try to tell you what it
> did. Well, as soon as it tries to write the message, it gets a socket
> error, probably permission denied, which I think kills the pty, taking the
> process executing /etc/rc.firewall with it.
>
> So, to prevent this from happening, you need to make sure that at no time
> between the start of running /etc/rc.firewall and the completion thereof
> does the pty try to send anything to you.
>
> I'm surprised that nohup didn't work, though the shell will still die
> as soon as it tries to put up a prompt. Did you confirm that the firewall
> rules didn't get loaded?
>
> My solution is this:
>
> sh /etc/rc.firewall >/dev/null 2>/dev/null

Think Eric has hit the nail on the head. Having done similar things in
the past my instinct is to throw parentheses around it with a sleep:

( sh /etc/rc.firewall ; sleep 10 ) >& /dev/null

Forgot the details but Once Upon A Time In A Former Life it was useful
to stop and restart "networking" on SGI Irix 6.2 in certain situations.
If one is logged in via telnet a variation on the above was The Way To
Do It. Come to think of it, don't remember if it dropped my connection
or not, but you'd think if networking was stopped all telnetd's should
be killed as well. Am not going to lose any sleep over it. Doesn't
really matter anyhow as long as I was able to get back in moments later.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
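
The two commands in the thread combined into one POSIX sh wrapper, as an added example that is not part of the original messages: it keeps every byte off the pty during the reload, as both suggest, but sends output to a local file so the "did the rules get loaded?" question can be answered after logging back in. The names reload_quiet, reload_ok and SETTLE_SECS and the log path in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names, SETTLE_SECS
# and the log path below are assumptions for illustration.

# reload_quiet LOGFILE COMMAND [ARGS...]
# Runs COMMAND with stdin, stdout and stderr pointed away from the
# terminal, so nothing is written to the pty while the rules are flushed.
# Output and the exit status are recorded in LOGFILE (a local file, so the
# write does not depend on the network). Returns COMMAND's exit status.
reload_quiet() {
    log=$1
    shift
    (
        # Ignore SIGHUP in case the session drops while the rules are down.
        trap '' HUP
        rc=0
        "$@" || rc=$?
        echo "exit=$rc"
        # The sleep from the reply above: hold the subshell open so the
        # login shell does not print its prompt right after the flush.
        sleep "${SETTLE_SECS:-10}"
        exit "$rc"
    ) </dev/null >"$log" 2>&1
}

# reload_ok LOGFILE
# Succeeds only if the recorded run finished with exit status 0.
reload_ok() {
    grep -q '^exit=0$' "$1"
}

# Usage on the firewall host (path is an assumption):
#   reload_quiet /var/tmp/fw-reload.log sh /etc/rc.firewall
# and after reconnecting:
#   reload_ok /var/tmp/fw-reload.log && ipfw list
```

The `>&` redirection in the reply is csh/bash syntax; the wrapper uses the POSIX form `>file 2>&1`, which behaves the same under /bin/sh.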