From: Jeff Royle
Date: Wed, 24 Jan 2007 15:37:50 -0500
To: questions@freebsd.org
Subject: Re: Problem with "ipfw flush"

Dan Mahoney, System Admin wrote:
> Hey all.
>
> In trying to tweak my firewall setup I'm using a file called
> /etc/ipfw.rules
>
> However, it seems even though I copy my rules perfectly to that file,
> the system freezes up and locks me out when I do:
>
> ipfw -f flush; ipfw /etc/ipfw.rules
>
> I've also tried doing it as
>
> ipfw -f flush && ipfw /etc/ipfw.rules
>
> But to no avail.
>
> If it matters, ipfw is loaded as a kernel module, not compiled in.
>
> -Dan
>
> --

I haven't used IPFW in a while, but if I recall right, IPFW has a default
policy of drop. So when you flush the ruleset, your pass rules are all gone.

You could run the command like:

    ipfw -f flush && ipfw /etc/ipfw.rules

That should allow you to flush and load your ruleset.

You may also want to look into changing the default policy to accept.
However, this may require you to adjust your rules depending on how you
wrote them.

Cheers,

Jeff
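
Added example, not part of the original message or of FreeBSD's own scripts: one way to flush and reload from a remote login so that the reload never waits on the terminal while the default deny rule is the only one in place. ipfw(8) documents `-q` for rule changes made over a remote session; the function names, the `IPFW` and `RULES` variables and the log path are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: reload ipfw rules without depending on the login session.
IPFW="${IPFW:-ipfw}"               # overridable for dry runs (assumption)
RULES="${RULES:-/etc/ipfw.rules}"  # rules file named in the thread

# Sanity check only: the file must contain at least one "add ... allow" rule
# (allow, accept, pass and permit are synonyms in ipfw). A flush followed by
# a file with no pass rule leaves only the default deny.
has_pass_rule() {
    grep -Eq '^[[:space:]]*add([[:space:]]+[^[:space:]]+)*[[:space:]]+(allow|accept|pass|permit)[[:space:]]' "$1"
}

# reload_rules RULES_FILE LOG_FILE
# Returns 2 if the file is unreadable, 3 if it has no pass rule, otherwise
# the exit status of the flush-and-load sequence.
reload_rules() {
    rules="$1"
    log="$2"
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 2; }
    has_pass_rule "$rules" || { echo "no allow rule in $rules, refusing to flush" >&2; return 3; }
    (
        # Ignore SIGHUP so both commands finish even if the session drops
        # between the flush and the load.
        trap '' HUP
        # -q keeps ipfw silent; all I/O goes to the log, none to the tty.
        "$IPFW" -q -f flush && "$IPFW" -q "$rules"
    ) >"$log" 2>&1 </dev/null &
    wait "$!"
}

# Run as "sh thisfile reload" on the firewall host (log path is hypothetical).
if [ "${1:-}" = "reload" ]; then
    reload_rules "$RULES" /var/log/ipfw-reload.log
fi
```

Keep console access available the first time a new rules file is loaded this way, since the check only confirms that some pass rule exists, not that it matches your own connection.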