From owner-freebsd-questions Wed Jun 16 20:32:36 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from webmail01.expnet.net (c879583-e.ptbrg1.sfba.home.com [24.1.122.239])
	by hub.freebsd.org (Postfix) with ESMTP id 2C06114BDA
	for ; Wed, 16 Jun 1999 20:32:33 -0700 (PDT)
	(envelope-from noc@expnet.net)
Received: from briansarmada [10.28.245.81] by webmail01.expnet.net
	(SMTPD32-5.01) id AD63178C0150; Wed, 16 Jun 1999 20:37:07 PDT
Message-ID: <002b01beb870$bf5f62e0$51f51c0a@expnet.net>
From: "Brian Gallucci"
To: "Andrew Johns" , "Alfred Perlstein"
Cc: "FreeBSD"
References: <000f01beb860$66916b50$4001a8c0@tasajohns.turnaround.com.au>
Subject: Re: Firewall Rules
Date: Wed, 16 Jun 1999 20:23:19 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

It just locked me out; I had to reload them at the console.

Any more ideas?

Thanks
-Brian

----- Original Message -----
From: Andrew Johns
To: Alfred Perlstein ; Brian Gallucci
Cc: FreeBSD
Sent: Wednesday, June 16, 1999 6:26 PM
Subject: RE: Firewall Rules

> No, no, no - do NOT follow the previous example as you will be
> disconnected and you'll need console access to recover!!! See below for
> reasons...
>
> > -----Original Message-----
> > From: owner-freebsd-questions@FreeBSD.ORG
> > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Alfred
> > Perlstein
> > Sent: Thursday, 17 June 1999 10:55
> > To: Brian Gallucci
> > Cc: FreeBSD
> > Subject: Re: Firewall Rules
> >
> >
> > On Wed, 16 Jun 1999, Brian Gallucci wrote:
> >
> > > Can someone tell me how to dump firewall rules and then reload them while
> > > you are logged into the box via telnet.
> > >
> > > At the console I'm using
> > > ipfw -f flush
> > >
> > > And to reload the firewall I use
> > > sh /etc/rc.firewall
> > >
> > > I need to update the firewall when I'm off site and the only way I can seem
> > > to update is to reboot. < Which is not a good thing >
> > >
> > > I'm running IPFW and the box is NATD running on FreeBSD 2.2.8
> >
> > um...
> >
> > combine them on one line:
> >
> > ipfw -f flush ; sh /etc/rc.firewall
> >
> > it should flush the firewall and then reload it, you'll momentarily
> > lose responsiveness, then you should get a prompt, give it 10-20
> > seconds for the next prompt to appear.
> >
>
> From the ipfw man page:
> -q      While adding, zeroing or flushing, be quiet about actions (implies
>         '-f'). This is useful for adjusting rules by executing multiple
>         ipfw commands in a script (e.g. sh /etc/rc.firewall), or by
>         processing a file of many ipfw rules, across a remote login session.
>
>         If a flush is performed in normal (verbose) mode (with the default
>         kernel configuration), it prints a message. Because all rules are
>         flushed, the message cannot be delivered to the login session, the
>         login session is closed and the remainder of the ruleset is not
>         processed. Access to the console is required to recover.
>
> Alfred, you were very close, but without the -q you'll need to get to
> the console to recover as the second command will be lucky if it gets
> run...
>
> try:
>
> ipfw -q flush ; sh /etc/rc.firewall
>
> instead. Note that -q implies -f
>
> HTH
>
> #include
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
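
Added example, not part of the original thread or of FreeBSD's own scripts: one way to run the quiet flush and the reload discussed above as a single job that does not depend on the login session, with a syntax check of the ruleset script before anything is flushed. The function name, the IPFW/RULES/LOG variables and the log path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. IPFW, RULES and LOG are assumed,
# overridable names so the logic can be dry-run with stand-in commands.
IPFW=${IPFW:-/sbin/ipfw}
RULES=${RULES:-/etc/rc.firewall}
LOG=${LOG:-/var/log/ipfw-reload.log}

reload_rules() {
    # Check before flushing: once the rules are gone there may be no
    # session left from which to fix a missing or mistyped ruleset script.
    [ -r "$RULES" ] || { echo "cannot read $RULES" >&2; return 1; }
    sh -n "$RULES" 2>/dev/null || { echo "syntax error in $RULES" >&2; return 2; }

    # Flush and reload as one background job. -q keeps the flush silent,
    # nohup ignores the hangup if the login drops, and all three standard
    # streams point away from the terminal.
    nohup sh -c '
        "$1" -q flush
        echo "flush exit=$?"
        sh "$2"
        echo "reload exit=$?"
    ' reload "$IPFW" "$RULES" </dev/null >"$LOG" 2>&1 &
    RELOAD_PID=$!   # lets a caller wait for the job if the session survives
}
```

Call reload_rules from the remote shell as root; after reconnecting, the two exit codes in $LOG show whether the flush and the reload each completed.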