Date: Thu, 17 Jun 1999 11:26:19 +1000
From: "Andrew Johns" <ajohns@TurnAround.com.au>
To: "Alfred Perlstein" <bright@rush.net>, "Brian Gallucci" <noc@expnet.net>
Cc: "FreeBSD" <freebsd-questions@FreeBSD.ORG>
Subject: RE: Firewall Rules
Message-ID: <000f01beb860$66916b50$4001a8c0@tasajohns.turnaround.com.au>
In-Reply-To: <Pine.BSF.3.96.990616195324.14320k-100000@cygnus.rush.net>

No, no, no - do NOT follow the previous example as you will be
disconnected and you'll need console access to recover!!!  See below
for reasons...

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Alfred
> Perlstein
> Sent: Thursday, 17 June 1999 10:55
> To: Brian Gallucci
> Cc: FreeBSD
> Subject: Re: Firewall Rules
>
>
> On Wed, 16 Jun 1999, Brian Gallucci wrote:
>
> > Can someone tell me how to dump firewall rules and then reload them while
> > you are logged into the box via telnet.
> >
> > At the console I'm using
> > ipfw -f flush
> >
> > And to reload the firewall I use
> > sh /etc/rc.firewall
> >
> > I need to update the firewall when I'm off site and the only way I can seem
> > to update is to reboot. < Which is not a good thing
> >
> > I'm running IPFW and the box is NATD running on FreeBSD 2.2.8
>
> um...
>
> combine them on one line:
>
> ipfw -f flush ; sh /etc/rc.firewall
>
> it should flush the firewall and then reload it, you'll momentarily
> lose responsiveness, then you should get a prompt, give it 10-20
> seconds for the next prompt to appear.
>

From the ipfw man page:

     -q      While adding, zeroing or flushing, be quiet about actions
             (implies '-f').  This is useful for adjusting rules by
             executing multiple ipfw commands in a script (e.g.
             sh /etc/rc.firewall), or by processing a file of many ipfw
             rules, across a remote login session.  If a flush is
             performed in normal (verbose) mode (with the default kernel
             configuration), it prints a message.  Because all rules are
             flushed, the message cannot be delivered to the login
             session, the login session is closed and the remainder of
             the ruleset is not processed.  Access to the console is
             required to recover.

Alfred, you were very close, but without the -q you'll need to get to
the console to recover as the second command will be lucky if it gets
run...

try:

ipfw -q flush ; sh /etc/rc.firewall

instead.

Note that -q implies -f

HTH

#include <sig here>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
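
A wrapper built around the corrected command above, added here as an example and not part of the original message. It keeps the `-q` flush and, as an extra precaution that the thread does not mention, detaches the reload from the login session and sends all output to a log file; the function name `reload_firewall`, the `IPFW` variable and the default log path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. reload_firewall, IPFW and the
# default log path are illustrative names (assumptions).
IPFW=${IPFW:-/sbin/ipfw}

reload_firewall() {
    rules=${1:-/etc/rc.firewall}
    log=${2:-/var/log/ipfw-reload.log}

    # Never flush unless there is a readable ruleset to load afterwards.
    if [ ! -r "$rules" ]; then
        echo "reload_firewall: cannot read $rules, not flushing" >&2
        return 1
    fi

    # -q keeps the flush silent, as the man page excerpt requires.
    # nohup plus the redirections detach the job from the login session, so
    # output from ipfw commands inside the rules script goes to the log
    # instead of a connection the flushed ruleset may be blocking.
    # ';' as in the message: the reload is attempted whatever flush returns.
    nohup sh -c '"$0" -q flush; sh "$1"' "$IPFW" "$rules" \
        >"$log" 2>&1 </dev/null &
}

# Typical use from a remote session, then inspect the log once the
# prompt returns:
#   reload_firewall /etc/rc.firewall /var/log/ipfw-reload.log
```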