From owner-freebsd-ipfw@FreeBSD.ORG  Fri Sep 23 18:50:19 2005
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BCFD716A41F
	for <freebsd-ipfw@freebsd.org>; Fri, 23 Sep 2005 18:50:19 +0000 (GMT)
	(envelope-from gbryant@roamingsolutions.net)
Received: from basillia.speedxs.net (basillia.speedxs.net [83.98.255.13])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5CCDC43D48
	for <freebsd-ipfw@freebsd.org>; Fri, 23 Sep 2005 18:50:19 +0000 (GMT)
	(envelope-from gbryant@roamingsolutions.net)
Received: from ongers.net (ongers.speedxs.nl [83.98.237.210])
	by basillia.speedxs.net (Postfix) with ESMTP id E755F2F006;
	Fri, 23 Sep 2005 20:39:18 +0200 (CEST)
Received: from (66.110.35.16 [66.110.35.16]) by MailEnable Inbound Mail Agent
	with ESMTP; Fri, 23 Sep 2005 20:55:09 +0200
Message-ID: <43344E4B.9060700@roamingsolutions.net>
Date: Fri, 23 Sep 2005 20:49:47 +0200
From: G Bryant <gbryant@roamingsolutions.net>
User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: scuba@centroin.com.br
References: <Pine.BSI.4.33.0509231307470.20428-100000@hypselo.centroin.com.br>
In-Reply-To: <Pine.BSI.4.33.0509231307470.20428-100000@hypselo.centroin.com.br>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Enable ipfw without rebooting
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Sep 2005 18:50:19 -0000

You could use ipfw sets and disable the sets at the start of the script 
- excluding the pass-thru rules.
My rc.firewall script disables all the scripts and only enables the ones 
I want.  I can then run scripts from cron to enable/ disable any sets I 
like.  You can load all the rules you want into sets that are disabled, 
and then you can enable them at will.
That's one suggestion - although I did see a command somewhere to 
disable ipfw at runtime.  man ipfw
Regards, Graham

scuba@centroin.com.br wrote:

>Hi all,
>
>	What is the best way to enable/disable ipfw on a FBSD 5.x box,
>without reboot?
>
>	I.e. If I have a box that booted with 'firewall_enable="NO"' in
>rc.conf, how can I enable it without reboot?
>
>Thank you,
>
>- Marcelo
>
>
>_______________________________________________
>freebsd-ipfw@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>
>
>  
>