Date: Wed, 16 Jun 1999 20:23:19 -0700
From: "Brian Gallucci" <noc@expnet.net>
To: "Andrew Johns" <ajohns@TurnAround.com.au>, "Alfred Perlstein" <bright@rush.net>
Cc: "FreeBSD" <freebsd-questions@FreeBSD.ORG>
Subject: Re: Firewall Rules
Message-ID: <002b01beb870$bf5f62e0$51f51c0a@expnet.net>
References: <000f01beb860$66916b50$4001a8c0@tasajohns.turnaround.com.au>

It just locked me out. I had to reload them at the console. Any more ideas?

Thanks
-Brian

----- Original Message -----
From: Andrew Johns <ajohns@TurnAround.com.au>
To: Alfred Perlstein <bright@rush.net>; Brian Gallucci <noc@expnet.net>
Cc: FreeBSD <freebsd-questions@FreeBSD.ORG>
Sent: Wednesday, June 16, 1999 6:26 PM
Subject: RE: Firewall Rules

> No, no, no - do NOT follow the previous example as you will be
> disconnected and you'll need console access to recover!!! See below for
> reasons...
>
> > -----Original Message-----
> > From: owner-freebsd-questions@FreeBSD.ORG
> > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Alfred
> > Perlstein
> > Sent: Thursday, 17 June 1999 10:55
> > To: Brian Gallucci
> > Cc: FreeBSD
> > Subject: Re: Firewall Rules
> >
> >
> > On Wed, 16 Jun 1999, Brian Gallucci wrote:
> >
> > > Can someone tell me how to dump firewall rules and then reload them while
> > > you are logged into the box via telnet.
> > >
> > > At the console I'm using
> > > ipfw -f flush
> > >
> > > And to reload the firewall I use
> > > sh /etc/rc.firewall
> > >
> > > I need to update the firewall when I'm off site and the only way I can seem
> > > to update is to reboot. < Which is not a good thing >
> > >
> > > I'm running IPFW and the box is NATD running on FreeBSD 2.2.8
> >
> > um...
> >
> > combine them on one line:
> >
> > ipfw -f flush ; sh /etc/rc.firewall
> >
> > it should flush the firewall and then reload it, you'll momentarily
> > lose responsiveness, then you should get a prompt, give it 10-20
> > seconds for the next prompt to appear.
> >
>
> From the ipfw man page:
>      -q      While adding, zeroing or flushing, be quiet about actions (implies
>              '-f').  This is useful for adjusting rules by executing multiple
>              ipfw commands in a script (e.g. sh /etc/rc.firewall), or by
>              processing a file of many ipfw rules, across a remote login session.
>
>              If a flush is performed in normal (verbose) mode (with the default
>              kernel configuration), it prints a message.  Because all rules are
>              flushed, the message cannot be delivered to the login session, the
>              login session is closed and the remainder of the ruleset is not
>              processed.  Access to the console is required to recover.
>
> Alfred, you were very close, but without the -q you'll need to get to
> the console to recover as the second command will be lucky if it gets
> run...
>
> try:
>
> ipfw -q flush ; sh /etc/rc.firewall
>
> instead. Note that -q implies -f
>
> HTH
>
> #include <sig here>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
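
An added example, not part of the thread or of FreeBSD: one way to run the quiet flush and reload quoted above so that neither command prints to the login session or depends on that session staying open. The log path, the function names and the `run` argument are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Settings can be overridden from the
# environment; the log path is an assumption.
IPFW=${IPFW:-ipfw}
RULES=${RULES:-/etc/rc.firewall}
LOG=${LOG:-/var/log/ipfw-reload.log}

# Flush quietly, then reload the ruleset. stdin, stdout and stderr all point
# away from the terminal, so nothing the commands print has to be delivered
# over the network while no rules are loaded.
reload_rules() {
    {
        echo "reload started: $(date)"
        "$IPFW" -q flush
        sh "$RULES"
        echo "reload finished: exit=$?"   # exit status of the rules script
    } </dev/null >>"$LOG" 2>&1
}

# Run the reload in a background subshell that ignores SIGHUP, so it still
# completes if the remote session is dropped between the flush and the reload.
reload_detached() {
    ( trap '' HUP; reload_rules ) &
}

# Succeeds only if the last log line records a completed, successful reload.
reload_ok() {
    tail -n 1 "$LOG" | grep -q 'exit=0$'
}

# Only act when asked to, e.g.: sh thisfile run
if [ "${1:-}" = "run" ]; then
    reload_detached
    wait
    if reload_ok; then
        echo "rules reloaded"
    else
        echo "reload did not complete, see $LOG"
    fi
fi
```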