From owner-freebsd-questions@FreeBSD.ORG Sun Nov 14 22:50:51 2010
From: "Grant Peel"
To: freebsd-questions@freebsd.org
Date: Sun, 14 Nov 2010 17:50:47 -0500
Subject: IPFW at startup.
List-Id: User questions

Hi all,

I seem to have one server that does not flush the /etc/rc.firewall rules when the script taken from "firewall_type" starts up. That is to say, when I boot the machine, 3 rules seem to be still in the list when I do an ipfw -a list. Those three rules appear to be from the /etc/rc.firewall script. The rules from my /etc/ipfw.rules file DO get loaded.

Here are the three rules (100, 200, and 300), from /etc/rc.firewall:
setup_loopback () {
	############
	# Only in rare cases do you want to change these rules
	#
	${fwcmd} add 100 pass all from any to any via lo0
	${fwcmd} add 200 deny all from any to 127.0.0.0/8
	${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
}

Here is my /etc/rc.conf setup:

firewall_enable="YES"
firewall_logging="YES"
firewall_type="/etc/ipfw.rules"

Here is my /etc/ipfw.rules:

enterprise# more /etc/ipfw.rules
# Loopback
add 00001 allow ip from any to any via lo0
# Office and Home
add 00200 allow ip from xxx xxx xxx xxx xxx to any
add 00201 allow ip from any to xxx xxx xxx xxx
add 00202 allow all from xxx xxx xxx xxx to any
add 00203 allow all from any to xxx xxx xxx xxx
# Allow fxp0 out
add 00204 allow all from any to any out
# Allow local net
add 02000 allow ip from any to any via fxp1
# email
add 04000 allow all from xxx xxx xxx xxx to any
add 04010 allow all from any to xxx xxx xxx xxx
add 04020 allow all from xxx xxx xxx xxx to any
add 04030 allow all from any to xxx xxx xxx xxx
add 04040 allow tcp from any to any 25,587
add 04050 allow tcp from any 25,587 to any
# Bruteblock
add 08000 deny ip from table(1) to me
add 08001 deny ip from me to table(1)
add 09050 allow udp from any to any 53 in
# Email Test
add 09100 allow icmp from any to any icmptypes 0,3,4,5,8,9,10,11,12,13,14,15,16,17,18
add 65535 deny ip from any to any

Oddly enough, I have several machines that are set up identically and this is the only one that has sticky rules from /etc/rc.firewall.

Anyone have any idea what knob might have been turned that causes the sticky startup rules?

-Grant
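The check a practitioner would want before guessing at knobs is a mechanical diff between what ipfw actually loaded and what /etc/ipfw.rules declares. The script below is an added example, not part of the post or of FreeBSD's rc scripts; it assumes only the two formats shown above (a rules file of "add NNNNN ..." lines and the output of ipfw -a list, whose first field is the rule number) and runs against constructed sample data when given no arguments. Rule numbers are compared as integers, so "00100" in the file matches "100" in the kernel, and the implicit default rule 65535 is ignored.

```shell
#!/bin/sh
# Added example (not from the original post or from FreeBSD): report rules
# that ipfw loaded but /etc/ipfw.rules never declared, and the reverse.
# On a real host:  ipfw -a list > /tmp/ipfw.loaded
#                  sh check_ipfw.sh /etc/ipfw.rules /tmp/ipfw.loaded
# Without arguments the constructed samples below are used.

# Constructed sample of `ipfw -a list` output: the poster's rules 1 and 2000,
# the three rc.firewall loopback rules, and the default rule.
SAMPLE_LOADED='00001    10    800 allow ip from any to any via lo0
00100     0      0 allow ip from any to any via lo0
00200     0      0 deny ip from any to 127.0.0.0/8
00300     0      0 deny ip from 127.0.0.0/8 to any
02000   512  40960 allow ip from any to any via fxp1
65535   123   9876 deny ip from any to any'

# Constructed sample rules file in the post's "add NNNNN ..." form, including
# one rule (9050) that is deliberately absent from the loaded set.
SAMPLE_RULES='# Loopback
add 00001 allow ip from any to any via lo0
# Allow local net
add 02000 allow ip from any to any via fxp1
add 09050 allow udp from any to any 53 in
add 65535 deny ip from any to any'

# stray_rules RULESFILE LOADEDFILE
# Prints, space separated, rule numbers present in the loaded set but not in
# the rules file.  Only field 1 of the loaded output is used, so plain
# `ipfw list` output (no counters) works as well as `ipfw -a list`.
stray_rules() {
    awk '
        FILENAME == ARGV[1] {
            if ($1 == "add" && $2 ~ /^[0-9]+$/) declared[$2 + 0] = 1
            next
        }
        $1 ~ /^[0-9]+$/ {
            n = $1 + 0
            if (n != 65535 && !(n in declared)) { printf "%s%d", sep, n; sep = " " }
        }
        END { printf "\n" }
    ' "$1" "$2"
}

# missing_rules RULESFILE LOADEDFILE
# The other direction: rules declared in the file that are not in the kernel,
# for instance because ipfw rejected that line at boot.
missing_rules() {
    awk '
        FILENAME == ARGV[1] {
            if ($1 ~ /^[0-9]+$/) loaded[$1 + 0] = 1
            next
        }
        $1 == "add" && $2 ~ /^[0-9]+$/ {
            n = $2 + 0
            if (n != 65535 && !(n in loaded)) { printf "%s%d", sep, n; sep = " " }
        }
        END { printf "\n" }
    ' "$2" "$1"
}

RULES_F=${1:-}
LOADED_F=${2:-}
if [ -z "$RULES_F" ]; then
    # No arguments: materialise the constructed samples as temp files.
    RULES_F=$(mktemp) && LOADED_F=$(mktemp) || exit 1
    trap 'rm -f "$RULES_F" "$LOADED_F"' EXIT
    printf '%s\n' "$SAMPLE_RULES" > "$RULES_F"
    printf '%s\n' "$SAMPLE_LOADED" > "$LOADED_F"
fi

echo "loaded but not in $RULES_F: $(stray_rules "$RULES_F" "$LOADED_F")"
echo "in $RULES_F but not loaded:  $(missing_rules "$RULES_F" "$LOADED_F")"
```

Against the samples the first line reports 100 200 300 (the rc.firewall loopback rules) and the second reports 9050. Run on the live host, an empty first line means everything in the kernel came from the rules file; anything else is what rc.firewall, or another script run before it, added on its own.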