Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 22 Jan 2003 15:30:14 +0000
From:      Daniel Bye <dan@slightlystrange.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: questions about static ipfw rules
Message-ID:  <20030122153013.GB80680@catflap.home.slightlystrange.org>
In-Reply-To: <20030122151833.GA80680@catflap.home.slightlystrange.org>
References:  <Pine.BSI.4.21.0301220931310.19656-100000@granite.sover.net> <20030122151833.GA80680@catflap.home.slightlystrange.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 22, 2003 at 03:18:33PM +0000, Daniel Bye wrote:
> On Wed, Jan 22, 2003 at 09:45:09AM -0500, Stephen D. Kingrea wrote:
> > running 4.7 with firewall, natd enabled kernel. i wish to create firewall
> > rules outside of the rc.firewall script that remain static across
> > reboots. to that end, i created a set (rc.firewall.rules), pointing
> > rc.conf to that set:
> > 
> > firewall_enable="YES"
> > firewall_type="/etc/rc.firewall.rules"
> 
> You should change "firewall_type" to "firewall_script".  You should then
> find all works as you want.

Well, almost...  If you do it this way, you need to make sure the script
file is executable and makes sense as a shell script.  I use something
like 

#!/bin/sh
IPFW=/sbin/ipfw
${IPFW} -f flush
${IPFW} add 100 allow ip from any to any via lo0
... etc.

It works well for me.

Dan

-- 
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030122153013.GB80680>