From owner-freebsd-bugs Sun Jun 13 8:16:40 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
    by hub.freebsd.org (Postfix) with ESMTP id 06F6A15020;
    Sun, 13 Jun 1999 08:16:37 -0700 (PDT)
    (envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
    by flood.ping.uio.no (8.9.3/8.9.1) id RAA27434;
    Sun, 13 Jun 1999 17:16:36 +0200 (CEST)
    (envelope-from des)
To:
Cc: adam@veda.is, freebsd-bugs@FreeBSD.ORG
Subject: Re: kern/3244: ipfw flush closes connections
References: <199906111025.DAA68756@freefall.freebsd.org>
From: Dag-Erling Smorgrav
Date: 13 Jun 1999 17:16:35 +0200
In-Reply-To: 's message of "Fri, 11 Jun 1999 03:25:04 -0700 (PDT)"
Message-ID:
Lines: 34
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

writes:
> State-Changed-From-To: feedback->closed
> State-Changed-By: ru
> State-Changed-When: Fri Jun 11 03:19:08 PDT 1999
> State-Changed-Why:
> Can't reproduce; originator doesn't respond.

The correct reply is: this is perfectly normal behaviour.

Even if you background your firewall script, it will produce tons of
output. telnetd / sshd will attempt to send you that output, and will
fail since the firewall rules needed to let that output through aren't
yet installed. Depending on what shell you use, the script may continue
to run in the background (in which case you can just wait a few seconds
and log back in), or the shell may kill it when the telnet / ssh
session closes.

The only safe way to avoid this is to redirect output to a file (or
/dev/null), or to disown the process (your shell will still die, but
not the script):

    # sh /etc/firewall >ipfw.out 2>&1

or

    # (sh /etc/firewall &)

In any case, you should not do stuff like that over a remote
connection. There's a good chance of locking yourself out. You should
instead do manual incremental changes: if you want to remove a rule,
remove it. If you want to add a rule, add it. If you want to change a
rule, add the correct version with a *higher* number than the incorrect
version, *then* remove the incorrect version.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no
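
Added example, not part of the original message: an sh function that changes one rule in the order the message describes (add the corrected rule under a higher number, then delete the old one) and sends all output to a log file instead of the telnet/ssh session. The names replace_rule, IPFW and IPFW_LOG are assumptions made for this example; by default it only echoes the ipfw commands.

```sh
#!/bin/sh
# Added example: IPFW, IPFW_LOG and replace_rule are names made up here.

# Command used to reach the firewall. The default only echoes the command
# line (dry run); set IPFW=/sbin/ipfw to apply the change for real.
: "${IPFW:=echo ipfw}"
# Every line of output goes to this file, never to the telnet/ssh session.
: "${IPFW_LOG:=./ipfw-change.log}"

# replace_rule OLD NEW RULE_BODY...
# Adds RULE_BODY as rule NEW (NEW must be higher than OLD), and deletes
# rule OLD only after the add has succeeded.
replace_rule() {
    if [ "$#" -lt 3 ]; then
        echo "usage: replace_rule OLD NEW RULE_BODY..." >&2
        return 2
    fi
    old=$1
    new=$2
    shift 2
    for n in "$old" "$new"; do
        case $n in
            ''|*[!0-9]*) echo "rule number '$n' is not numeric" >&2; return 2 ;;
        esac
    done
    if [ "$new" -le "$old" ]; then
        echo "new rule number $new must be higher than $old" >&2
        return 2
    fi
    # Step 1: install the corrected rule. On failure stop here, so the
    # old rule is still in place.
    $IPFW add "$new" "$@" >>"$IPFW_LOG" 2>&1 || return 1
    # Step 2: remove the incorrect rule.
    $IPFW delete "$old" >>"$IPFW_LOG" 2>&1 || return 1
}

# Run as a script: sh <this file> OLD NEW RULE_BODY...
if [ "$#" -ge 3 ]; then
    replace_rule "$@"
fi
```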