From owner-freebsd-questions@FreeBSD.ORG  Wed Jan 24 20:56:12 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id CF70B16A408
	for <questions@freebsd.org>; Wed, 24 Jan 2007 20:56:12 +0000 (UTC)
	(envelope-from lists@qwirky.net)
Received: from public.aci.on.ca (aci.on.ca [205.207.148.251])
	by mx1.freebsd.org (Postfix) with ESMTP id 7BEFE13C4E7
	for <questions@freebsd.org>; Wed, 24 Jan 2007 20:56:11 +0000 (UTC)
	(envelope-from lists@qwirky.net)
Received: from (invalid client hostname: host address literal does not match
	remote client address)[127.0.0.1]
	(xtreme-156-171.dyn.aci.on.ca[69.17.156.171] port=4386)
	by public.aci.on.ca([205.207.148.252] port=25)
	via TCP with esmtp (1788 bytes) (sender: <lists@qwirky.net>)
	id <m1H9osR-003QVFC@public.aci.on.ca> for <questions@freebsd.org>;
	Wed, 24 Jan 2007 15:37:51 -0500 (EST)
	(Smail-3.2.0.122-Pre 2005-Nov-17 #1 built 2006-Feb-21)
Message-ID: <45B7C39E.5080605@qwirky.net>
Date: Wed, 24 Jan 2007 15:37:50 -0500
From: Jeff Royle <lists@qwirky.net>
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: questions@freebsd.org
References: <20070124152310.E82156@prime.gushi.org>
In-Reply-To: <20070124152310.E82156@prime.gushi.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 0706-1, 24/01/2007), Outbound message
X-Antivirus-Status: Clean
Cc: 
Subject: Re: Problem with "ipfw flush"
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: lists@qwirky.net
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jan 2007 20:56:12 -0000

Dan Mahoney, System Admin wrote:
> Hey all.
> 
> In trying to tweak my firewall setup I'm using a file called 
> /etc/ipfw.rules
> 
> However, it seems even though I copy my rules perfectly to that file, 
> the system freezes up and locks me out when I do:
> 
> ipfw -f flush; ipfw /etc/ipfw.rules
> 
> I've also tried doing it as
> 
> ipfw -f flush && ipfw /etc/ipfw.rules
> 
> But to no avail.
> 
> if it matters, ipfw is loaded as a kernel module, not compiled in.
> 
> -Dan
> 
> -- 

I haven't used IPFW in a while but if I recall right IPFW has a default 
policy of drop.   So when you flush the ruleset your pass rules are all 
gone.

You could run the command like: ipfw -f flush && ipfw /etc/ipfw.rules

That should allow you flush and load your ruleset.   You may also want 
to look into changing the default policy to accept.   However this may 
require you to adjust your rules depending on how you wrote them.

Cheers,

Jeff