Date: Wed, 22 Jan 2003 15:30:14 +0000 From: Daniel Bye <dan@slightlystrange.org> To: freebsd-questions@freebsd.org Subject: Re: questions about static ipfw rules Message-ID: <20030122153013.GB80680@catflap.home.slightlystrange.org> In-Reply-To: <20030122151833.GA80680@catflap.home.slightlystrange.org> References: <Pine.BSI.4.21.0301220931310.19656-100000@granite.sover.net> <20030122151833.GA80680@catflap.home.slightlystrange.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 22, 2003 at 03:18:33PM +0000, Daniel Bye wrote:
> On Wed, Jan 22, 2003 at 09:45:09AM -0500, Stephen D. Kingrea wrote:
> > running 4.7 with firewall, natd enabled kernel. i wish to create firewall
> > rules outside of the rc.firewall script that remain static across
> > reboots. to that end, i created a set (rc.firewall.rules), pointing
> > rc.conf to that set:
> >
> > firewall_enable="YES"
> > firewall_type="/etc/rc.firewall.rules"
>
> You should change "firewall_type" to "firewall_script". You should then
> find all works as you want.
Well, almost... If you do it this way, you need to make sure the script
file is executable and makes sense as a shell script. I use something
like
#!/bin/sh
IPFW=/sbin/ipfw
${IPFW} -f flush
${IPFW} add 100 allow ip from any to any via lo0
... etc.
It works well for me.
Dan
--
Daniel Bye
PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
_
ASCII ribbon campaign ( )
- against HTML, vCards and X
- proprietary attachments in e-mail / \
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030122153013.GB80680>