From: "Stephen D. Kingrea"
To: Daniel Bye
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: questions about static ipfw rules
Date: Wed, 22 Jan 2003 13:25:28 -0500 (EST)
In-Reply-To: <20030122153013.GB80680@catflap.home.slightlystrange.org>

On Wed, 22 Jan 2003, Daniel Bye wrote:

>On Wed, Jan 22, 2003 at 03:18:33PM +0000, Daniel Bye wrote:
>> On Wed, Jan 22, 2003 at 09:45:09AM -0500, Stephen D. Kingrea wrote:
>> > running 4.7 with firewall, natd enabled kernel. i wish to create firewall
>> > rules outside of the rc.firewall script that remain static across
>> > reboots. to that end, i created a set (rc.firewall.rules), pointing
>> > rc.conf to that set:
>> >
>> > firewall_enable="YES"
>> > firewall_type="/etc/rc.firewall.rules"
>>
>> You should change "firewall_type" to "firewall_script". You should then
>> find all works as you want.
>
>Well, almost... If you do it this way, you need to make sure the script
>file is executable and makes sense as a shell script. I use something
>like
>
>#!/bin/sh
>IPFW=/sbin/ipfw
>${IPFW} -f flush
>${IPFW} add 100 allow ip from any to any via lo0
>...
>etc.
>
>It works well for me.
>
>Dan
>

yes, that worked quite well. thank you for that nugget! i should say that
joebs' suggestions concerning ipfilter are worthy of investigation. i
really just needed this to be able to ftp files from inside my lan without
having to retype rules at every boot.

thanks!

stephen
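
The condition Daniel gives for firewall_script (the file must be executable and make sense as a shell script) can be checked before a reboot. The following is an added example, not part of the original thread: check_fw_script is a hypothetical helper name, and the group/other-writable test is an extra assumption beyond the thread, added because the rules are loaded with root privileges at boot.

```shell
#!/bin/sh
# Added example: pre-reboot check for a file named in firewall_script.
# check_fw_script is a hypothetical name, not a FreeBSD tool.
# Return codes: 0 ok, 1 missing, 2 not executable, 3 no #!/bin/sh line,
#               4 shell syntax error, 5 writable by group or others.
check_fw_script() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }

    # Thread advice, part 1: the script file must be executable.
    [ -x "$f" ] || { echo "not executable: $f" >&2; return 2; }

    # Thread advice, part 2: it must make sense as a shell script.
    # A bare ipfw rule list (lines starting with "add ...") fails here.
    first=$(head -n 1 "$f")
    case $first in
        '#!/bin/sh'*) ;;
        *) echo "first line is not #!/bin/sh: $f" >&2; return 3 ;;
    esac

    # sh -n parses the file without running any command in it.
    sh -n "$f" 2>/dev/null || { echo "syntax error: $f" >&2; return 4; }

    # Assumption added here: a file that loads firewall rules as root
    # should not be writable by group or others.
    # Mode string columns: 1 type, 2-4 user, 5-7 group, 8-10 other.
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in
        ?????w*|????????w*)
            echo "group/other writable ($mode): $f" >&2; return 5 ;;
    esac
    return 0
}

# Stand-alone use: sh check_fw_script.sh /etc/rc.firewall.rules
[ "$#" -eq 0 ] || check_fw_script "$1"
```
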