Date: Wed, 22 Jan 2003 15:18:33 +0000
From: Daniel Bye
To: freebsd-questions@freebsd.org
Subject: Re: questions about static ipfw rules
Message-ID: <20030122151833.GA80680@catflap.home.slightlystrange.org>
Reply-To: dan@slightlystrange.org

On Wed, Jan 22, 2003 at 09:45:09AM -0500, Stephen D. Kingrea wrote:
> running 4.7 with firewall, natd enabled kernel. i wish to create firewall
> rules outside of the rc.firewall script that remain static across
> reboots. to that end, i created a set (rc.firewall.rules), pointing
> rc.conf to that set:
>
> firewall_enable="YES"
> firewall_type="/etc/rc.firewall.rules"

You should change "firewall_type" to "firewall_script". You should then
find all works as you want.

> natd_enable="YES".....etc....
>
> /etc/rc.firewall.rules lines are in the format:
>
> add 00100 all ip from any to any via lo0
> add 00200 deny ip from any to 127.0.0.0/8
> .......etc.....
>
> is this right? when i boot to these conditions, and ipfw show, i get
> the set that appears when i set firewall_type="OPEN"
>
> is this the proper format for rules in a static file?
>
> regards to all!
>
> stephen d. kingrea

-- 
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC