From owner-freebsd-questions  Thu Aug 20 09:19:51 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA04919
          for freebsd-questions-outgoing; Thu, 20 Aug 1998 09:19:51 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from cyclone.degnet.baynet.de (www.degnet.baynet.de [194.95.214.129])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id JAA04876
          for <freebsd-questions@freebsd.org>; Thu, 20 Aug 1998 09:19:40 -0700 (PDT)
          (envelope-from malte.lance@gmx.net)
Received: from neuron.webmore.de (unverified [194.95.214.181]) by cyclone.degnet.baynet.de
 (EMWAC SMTPRS 0.83) with SMTP id <B0000054271@cyclone.degnet.baynet.de>;
 Thu, 20 Aug 1998 18:19:33 +0200
Received: (from malte.lance@gmx.net)
          by neuron.webmore.de (8.8.8/8.8.8) id RAA03316;
          Thu, 20 Aug 1998 17:47:40 +0200 (CEST)
From: Malte Lance <malte.lance@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Thu, 20 Aug 1998 17:47:40 +0200 (CEST)
To: wwoods@cybcon.com
Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: Firewall
In-Reply-To: <XFMail.980820055314.wwoods@cybcon.com>
References: <XFMail.980820055314.wwoods@cybcon.com>
X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs  Lucid
Message-ID: <13788.17366.774415.752972@neuron.webmore.de>
Reply-To: malte.lance@gmx.net
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

William Woods writes:
 > I have a script that every day does a ipfw list > /home/william/ipfwlist to
 > save my firewall settings in case I need to reboot. Now what I would like to do
 > is when I boot have those rules loaded automatically.
 > 
 > This is the settings in use in my rc.firewall file: 
 > 
 > if [ "${firewall_type}" = "open" -o "${firewall_type}" = "OPEN" ]; then   
 > 
 > $fwcmd add 65000 pass all from any to any
 > $fwcmd add 63000 deny log icmp from any to 205.147.76.99 icmptype 8
 > $fwcmd add 62099 allow icmp from 205.147.76.99 to 205.147.76.99 icmmptype 8
 > 
 > 
 > Would it be possible to replace these with something along the lines of
 > 
 > ipfw /home/william/ipfwlist .

Yes.

 > 
 > or can you suggest a better way?

>From the beginning of /etc/rc.firewall:

############
# Define the firewall type in /etc/rc.conf.  Valid values are:
#   open     - will allow anyone in
#   client   - will try to protect just this machine
#   simple   - will try to protect a whole network
#   closed   - totally disables IP services except via lo0 interface
#   UNKNOWN  - disables the loading of firewall rules.
#   filename - will load the rules in the given filename (full path required)

So why don't you use the filename-method ?
Just specify the path to the firewall-rule-file in /etc/rc.conf
(This is on my 2.2.6-box)

Malte.

 > ---------------------
 > William Woods <wwoods@cybcon.com>
 > Date: 20-Aug-98 / Time: 05:45:54 
 > goto to: http//www.freebsd.org. 
 > --> FreeBSD 3.0 CURRENT <--
 > 
 > 
 > To Unsubscribe: send mail to majordomo@FreeBSD.org
 > with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message