From: applecom@inbox.ru
To: questions@freebsd.org
Date: Thu, 25 Jan 2007 05:57:03 +0500
Subject: Re: Problem with "ipfw flush"
In-Reply-To: <20070124185059.P55095@prime.gushi.org>
References: <20070124152310.E82156@prime.gushi.org> <45B7D086.7040400@daleco.biz> <20070124185059.P55095@prime.gushi.org>

Dan Mahoney, System Admin wrote:

> Even if I add the "flush" command directly to /etc/ipfw.rules, and run
> ipfw -f /etc/ipfw.rules right from the command line, my connection gets
> dropped and the rest of the commands do not run.
>
> In experimenting a bit more, I've found that I can do:
>
> nohup ipfw -f /etc/ipfw.rules
>
> This allows the rest of the ipfw command to run, but the HUP-on-disconnect
> still doesn't explain why the command doesn't even finish running.

If I understand rightly, you need the -q option.

ipfw(8):

-q      While adding, zeroing, resetlogging or flushing, be quiet about
        actions (implies -f).  This is useful for adjusting rules by
        executing multiple ipfw commands in a script (e.g.,
        `sh /etc/rc.firewall'), or by processing a file of many ipfw
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        rules across a remote login session.  It also stops a table add
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        or delete from failing if the entry already exists or is not
        present.  If a flush is performed in normal (verbose) mode (with
        the default kernel configuration), it prints a message.  Because
        all rules are flushed, the message might not be delivered to the
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        login session, causing the remote login session to be closed and
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        the remainder of the ruleset to not be processed.  Access to the
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        console would then be required to recover.
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
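
The failure mode in the man page excerpt above, turned into a preflight check that refuses a verbose flush over a remote login. This is an added example, not part of the original message or of ipfw itself; the function names and the sample ruleset are hypothetical, and it assumes the remote login is OpenSSH (which sets SSH_CONNECTION).

```shell
#!/bin/sh
# Added example: preflight check before reloading an ipfw ruleset.
# All function names are hypothetical; the sample ruleset is constructed.

# Constructed sample ruleset that starts with a flush.
sample_rules() {
    cat <<'EOF'
# constructed sample ruleset
flush
add 100 allow ip from any to any via lo0
add 200 allow tcp from any to me 22 setup keep-state
add 65000 deny ip from any to any
EOF
}

# Return 0 if the rules file flushes the whole ruleset.
# Comments are ignored; "table N flush" does not count.
ruleset_flushes() {
    awk '
        { sub(/#.*/, "") }                 # strip comments
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^-/) continue    # skip leading option words, if any
                if ($i == "flush") found = 1
                break                      # only the first command word matters
            }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Return 0 if the leading ipfw option words include -q (alone or as in -fq).
has_quiet() {
    for arg in "$@"; do
        case "$arg" in
            -*q*) return 0 ;;
            -*)   ;;
            *)    break ;;
        esac
    done
    return 1
}

# preflight RULES_FILE [ipfw options...]
# 0 = safe to run; 1 = a verbose flush would be run over a remote login.
preflight() {
    rules=$1; shift
    [ -n "${SSH_CONNECTION:-}" ] || return 0   # assumption: not set on the console
    ruleset_flushes "$rules" || return 0       # no flush, no message to deliver
    has_quiet "$@" && return 0                 # -q suppresses the flush message
    echo "refusing: $rules flushes all rules; use ipfw -q remotely" >&2
    return 1
}
```

Typical use is `preflight /etc/ipfw.rules -q && ipfw -q /etc/ipfw.rules`; the check only covers the flush message and does not validate that the new ruleset still admits the login session.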