Date: 13 Jun 1999 17:16:35 +0200
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
To: <ru@FreeBSD.ORG>
Cc: adam@veda.is, freebsd-bugs@FreeBSD.ORG
Subject: Re: kern/3244: ipfw flush closes connections
Message-ID: <xzp909ot9kc.fsf@flood.ping.uio.no>
In-Reply-To: 's message of "Fri, 11 Jun 1999 03:25:04 -0700 (PDT)"
References: <199906111025.DAA68756@freefall.freebsd.org>

<ru@FreeBSD.ORG> writes:
> State-Changed-From-To: feedback->closed
> State-Changed-By: ru
> State-Changed-When: Fri Jun 11 03:19:08 PDT 1999
> State-Changed-Why:
> Can't reproduce; originator doesn't respond.

The correct reply is: this is perfectly normal behaviour. Even if you
background your firewall script, it will produce tons of output.
telnetd / sshd will attempt to send you that output, and will fail
since the firewall rules needed to let that output through aren't yet
installed. Depending on what shell you use, the script may continue to
run in the background (in which case you can just wait a few seconds
and log back in), or the shell may kill it when the telnet / ssh
session closes. The only safe way to avoid this is to redirect output
to a file (or /dev/null), or to disown the process (your shell will
still die, but not the script):

# sh /etc/firewall >ipfw.out 2>&1

or

# (sh /etc/firewall &)

In any case, you should not do stuff like that over a remote
connection. There's a good chance of locking yourself out. You should
instead do manual incremental changes: if you want to remove a rule,
remove it. If you want to add a rule, add it. If you want to change a
rule, add the correct version with a *higher* number than the
incorrect version, *then* remove the incorrect version.

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
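
The incremental rule change described in the message above, as an added example that is not part of the original e-mail or of FreeBSD's own scripts. The function name `replace_rule`, the `IPFW` and `LOG` variables, the log path and the rule numbers in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# IPFW and LOG are hypothetical overridable settings: IPFW names the
# command to run (default: the real ipfw), LOG is where output goes.
IPFW="${IPFW:-ipfw}"
LOG="${LOG:-/var/tmp/ipfw-change.log}"

# replace_rule OLD NEW RULE-BODY...
# Adds the corrected rule under a HIGHER number than the incorrect one,
# confirms it is loaded, and only then deletes the incorrect rule.
# ipfw is first-match, so OLD keeps matching until it is removed and
# there is never a moment with neither rule installed.
# All output goes to $LOG so nothing is written to the remote session.
replace_rule() {
    old=$1; new=$2; shift 2

    if [ "$new" -le "$old" ]; then
        echo "refused: new rule $new must be numbered above $old" >>"$LOG"
        return 2
    fi

    # Step 1: install the corrected version alongside the old one.
    if ! $IPFW -q add "$new" "$@" >>"$LOG" 2>&1; then
        echo "add $new failed; rule $old left in place" >>"$LOG"
        return 1
    fi

    # Step 2: confirm the new rule exists before touching the old one.
    # Assumes "ipfw list NUM" exits non-zero when rule NUM is absent.
    if ! $IPFW list "$new" >>"$LOG" 2>&1; then
        echo "rule $new not found; rule $old left in place" >>"$LOG"
        return 1
    fi

    # Step 3: remove the incorrect version; its exit status is returned.
    $IPFW delete "$old" >>"$LOG" 2>&1
}

# Usage (constructed rule numbers and rule body):
#   replace_rule 1000 1100 allow tcp from any to any 22
```
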