From: Jeff Royle
Date: Wed, 24 Jan 2007 15:59:26 -0500
To: lists@qwirky.net
Cc: questions@freebsd.org
Subject: Re: Problem with "ipfw flush"
Message-ID: <45B7C8AE.6060805@qwirky.net>
In-Reply-To: <45B7C39E.5080605@qwirky.net>
List-Id: User questions

Jeff Royle wrote:
> Dan Mahoney, System Admin wrote:
>> Hey all.
>>
>> In trying to tweak my firewall setup I'm using a file called
>> /etc/ipfw.rules
>>
>> However, it seems even though I copy my rules perfectly to that file,
>> the system freezes up and locks me out when I do:
>>
>> ipfw -f flush; ipfw /etc/ipfw.rules
>>
>> I've also tried doing it as
>>
>> ipfw -f flush && ipfw /etc/ipfw.rules
>>
>> But to no avail.
>>
>> If it matters, ipfw is loaded as a kernel module, not compiled in.
>>
>> -Dan
>
> I haven't used IPFW in a while but if I recall right IPFW has a default
> policy of drop. So when you flush the ruleset your pass rules are all
> gone.
>
> You could run the command like: ipfw -f flush && ipfw /etc/ipfw.rules
>
> That should allow you to flush and load your ruleset. You may also want
> to look into changing the default policy to accept. However this may
> require you to adjust your rules depending on how you wrote them.
>
> Cheers,
>
> Jeff

Oops, I am sorry, I got pulled away while reading your original email,
guess I didn't finish reading it. I see you are trying &&.

You still may want to look into a default policy of accept for IPFW,
this way it's a non-issue.

Sorry for the wasted bandwidth! :)

Cheers,

Jeff
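
One way to run the flush-and-reload discussed in this thread so that it does not depend on the login session surviving the flush, as an added example that is not part of the original messages. `ruleset_ok`, `reload_rules`, the `IPFW`/`RULES`/`LOG` variables and the log path are assumptions of this example; `-q` and `-f` are ipfw's own flags.

```shell
#!/bin/sh
# Added example (not from the thread): reload an ipfw ruleset from a remote
# login without depending on that login surviving the flush.
# IPFW, RULES, LOG and both function names are assumptions of this example.
IPFW="${IPFW:-/sbin/ipfw}"
RULES="${RULES:-/etc/ipfw.rules}"
LOG="${LOG:-/var/log/ipfw-reload.log}"

# Coarse sanity check, not a parser: the file must be readable, non-empty and
# contain at least one "add ... allow|accept|pass|permit" line, so a flush is
# never followed by an empty or deny-only ruleset.
ruleset_ok() {
    [ -r "$1" ] && [ -s "$1" ] || return 1
    grep -Eq '^[[:space:]]*add[[:space:]]+(.*[[:space:]])?(allow|accept|pass|permit)[[:space:]]' "$1"
}

reload_rules() {
    if ! ruleset_ok "$RULES"; then
        echo "refusing to flush: no allow rule found in $RULES" >&2
        return 1
    fi
    # Flush and load run in one child that ignores SIGHUP (nohup) and has no
    # terminal on stdin, stdout or stderr. -q keeps ipfw from printing and
    # -f skips the confirmation prompt. "&&" loads only if the flush succeeded.
    nohup sh -c '"$0" -q -f flush && "$0" -q "$1"' "$IPFW" "$RULES" \
        >>"$LOG" 2>&1 </dev/null &
    wait "$!"
}

if [ "${1:-}" = "--apply" ]; then
    reload_rules
fi
```

Run it as root with `--apply`; the exit status is that of the flush-and-load child, and anything ipfw reports ends up in the log file rather than on the terminal.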