Date:      Thu, 25 Jan 2007 05:57:03 +0500
From:      applecom@inbox.ru
To:        questions@freebsd.org
Subject:   Re: Problem with "ipfw flush"
Message-ID:  <op.tmop9dtahbloih@xml.opera.com>
In-Reply-To: <20070124185059.P55095@prime.gushi.org>
References:  <20070124152310.E82156@prime.gushi.org> <45B7D086.7040400@daleco.biz> <20070124185059.P55095@prime.gushi.org>

Dan Mahoney, System Admin <danm@prime.gushi.org> wrote:

> Even if I add the "flush" command directly to /etc/ipfw.rules, and run
> ipfw -f /etc/ipfw.rules right from the command line, my connection gets
> dropped and the rest of the commands do not run.
>  In experimenting a bit more, I've found that I can do:
>  nohup ipfw -f /etc/ipfw.rules
>  This allows the rest of the ipfw command to run, but the HUP-on-disconnect
> still doesn't explain why the command doesn't even finish running.

If I understand rightly, you need the -q option. ipfw(8):

-q      While adding, zeroing, resetlogging or flushing, be quiet about
          actions (implies -f).  This is useful for adjusting rules by exe-
          cuting multiple ipfw commands in a script (e.g.,
          `sh /etc/rc.firewall'), or by processing a file of many ipfw
                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
          rules across a remote login session.  It also stops a table add
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
          or delete from failing if the entry already exists or is not
          present.  If a flush is performed in normal (verbose) mode (with
          the default kernel configuration), it prints a message.  Because
          all rules are flushed, the message might not be delivered to the
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
          login session, causing the remote login session to be closed and
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
          the remainder of the ruleset to not be processed.  Access to the
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
          console would then be required to recover.
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
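
Added example, not part of the original message or of FreeBSD's own scripts: a small sh wrapper that applies the advice above when a ruleset containing "flush" is reloaded over a remote login. The function name reload_ipfw, the IPFW variable and the log path are assumptions; -q is the flag quoted above and -n is the syntax-check-only flag from ipfw(8).

```sh
#!/bin/sh
# Added example: reload an ipfw ruleset from a remote login without the
# flush cutting the load short. IPFW, reload_ipfw and the default log
# path are illustrative assumptions, not part of ipfw itself.
IPFW="${IPFW:-/sbin/ipfw}"

# reload_ipfw RULES [LOG]
# Returns 0 if the ruleset was loaded, 1 if RULES is unreadable,
# 2 if the syntax check failed (the live rules were not touched).
# Usage: reload_ipfw /etc/ipfw.rules
reload_ipfw() {
    rules="$1"
    log="${2:-/var/log/ipfw-reload.log}"

    if [ ! -r "$rules" ]; then
        echo "reload_ipfw: cannot read $rules" >&2
        return 1
    fi

    # -n only checks syntax and passes nothing to the kernel, so a typo
    # is caught before the flush instead of after it.
    if ! "$IPFW" -q -n "$rules" >>"$log" 2>&1; then
        echo "reload_ipfw: syntax check failed, see $log" >&2
        return 2
    fi

    # -q (implies -f) suppresses the message printed after the flush.
    # Output goes to a file rather than the terminal, and nohup keeps the
    # load running if the session is hung up while rules are replaced.
    nohup "$IPFW" -q "$rules" >>"$log" 2>&1
}
```
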
