From: Malte Lance
Date: Thu, 20 Aug 1998 17:47:40 +0200 (CEST)
To: wwoods@cybcon.com
Cc: FreeBSD Questions
Subject: Re: Firewall
Message-ID: <13788.17366.774415.752972@neuron.webmore.de>
Reply-To: malte.lance@gmx.net

William Woods writes:
> I have a script that every day does an ipfw list > /home/william/ipfwlist to
> save my firewall settings in case I need to reboot. Now what I would like to do
> is when I boot have those rules loaded automatically.
>
> These are the settings in use in my rc.firewall file:
>
> if [ "${firewall_type}" = "open" -o "${firewall_type}" = "OPEN" ]; then
>
> $fwcmd add 65000 pass all from any to any
> $fwcmd add 63000 deny log icmp from any to 205.147.76.99 icmptype 8
> $fwcmd add 62099 allow icmp from 205.147.76.99 to 205.147.76.99 icmptype 8
>
>
> Would it be possible to replace these with something along the lines of
>
> ipfw /home/william/ipfwlist .

Yes.

> or can you suggest a better way?

From the beginning of /etc/rc.firewall:

############
# Define the firewall type in /etc/rc.conf.  Valid values are:
#   open     - will allow anyone in
#   client   - will try to protect just this machine
#   simple   - will try to protect a whole network
#   closed   - totally disables IP services except via lo0 interface
#   UNKNOWN  - disables the loading of firewall rules.
#   filename - will load the rules in the given filename (full path required)

So why don't you use the filename-method?
Just specify the path to the firewall-rule-file in /etc/rc.conf
(This is on my 2.2.6-box)

Malte.

> ---------------------
> William Woods
> Date: 20-Aug-98 / Time: 05:45:54
> goto to: http//www.freebsd.org.
> --> FreeBSD 3.0 CURRENT <--
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
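
Added example, not part of the original message or of FreeBSD's rc.firewall: `ipfw list` prints rules without the `add` keyword and includes the built-in rule 65535, so a saved listing has to be rewritten before the filename method can load it. The function names, the sample listing and the /etc/ipfw.saved path are assumptions made for illustration; a root-owned file outside a home directory is suggested because the rules are read as root at boot.

```sh
#!/bin/sh
# Added example: convert `ipfw list` output into a rule file that ipfw can
# load, so /etc/rc.conf can use the "filename" firewall type, e.g.
#   firewall_type="/etc/ipfw.saved"      # placeholder path, root-owned

# Read `ipfw list` output on stdin, write loadable rule lines on stdout.
# Assumes each listed rule has the form "NNNNN action ...".
ipfw_list_to_rules() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue                 # skip blank lines
        case "$line" in
            [0-9]*' '*) ;;                         # "number body" expected
            *) echo "skipped: $line" >&2; continue ;;
        esac
        num=${line%% *}
        body=${line#* }
        case "$num" in
            *[!0-9]*) echo "skipped: $line" >&2; continue ;;
        esac
        # 65535 is the kernel's built-in default rule and cannot be added.
        [ "$num" -eq 65535 ] && continue
        printf 'add %s %s\n' "$num" "$body"
    done
    return 0
}

# Save the live ruleset with root-only permissions. An empty result (for
# example because `ipfw list` failed) never replaces the previous file.
# $1 = destination file (hypothetical path chosen by the admin).
save_rules() {
    dest=$1
    tmp="$dest.$$"
    ( umask 077; ipfw list | ipfw_list_to_rules > "$tmp" ) &&
        [ -s "$tmp" ] && mv "$tmp" "$dest"
}

# Constructed sample of `ipfw list` output, modelled on the rules quoted above.
SAMPLE_LIST='62099 allow icmp from 205.147.76.99 to 205.147.76.99 icmptype 8
63000 deny log icmp from any to 205.147.76.99 icmptype 8
65000 allow ip from any to any
65535 deny ip from any to any'

# Demo on the sample only; on the firewall host run: save_rules /etc/ipfw.saved
printf '%s\n' "$SAMPLE_LIST" | ipfw_list_to_rules
```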