From: Kent Stewart
To: "RYAN vAN GINNEKEN"
Date: Sun, 13 Jul 2003 12:29:53 -0700
Subject: Re: RESET FIREWALL WITHOUT REBOOT

On Sunday 13 July 2003 11:41 am, RYAN vAN GINNEKEN wrote:
> hello group
>
> I need to know how to stop and start my firewall rules without
> resetting my computer as I am on ADSL and have a dynamic ip that I do
> not want to change. seems to change mostly when I reboot mostly.
>
> so here is the dilemma I run bind apache bincimap postfix and a few
> others it is my only server right now and it can't go down because if
> I do not get my clients' emails I go bankrupt.
>
> I want to set up a firewall and have compiled the necessary items
> into the kernel did this when I first set up my system many reboots
> ago
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPDIVERT
>
> I have created a file called rc.fw4
> and I have set my rc.conf
>
> #ipv4 firewall
> firewall_enable="YES"
> firewall_type="/etc/rc.fw4"
> firewall_script="/etc/rc.firewall"
> firewall_quiet="NO"
>
> IS THERE A WAY TO ACTIVATE ALL THIS WITHOUT A REBOOT
> ALSO IS THERE A WAY TO DE-ACTIVATE ALL THIS WITHOUT A REBOOT IN CASE
> SOMETHING GOES WRONG WHICH USUALLY DOES WITH MY FIREWALL RULES

Before I would start testing new rules on a remote machine, I would at
the following script for something like 10 minutes in the future. That
way if I couldn't do anything, in 10 minutes everything would be reset.
If everything worked, it let me cancel the at. I called it clnipfw and
it looks like

# cat clnipfw
#! /bin/sh
# Drop every rule without asking for confirmation
ipfw -f flush
# Keep NAT working on the external interface
ipfw add divert natd all from any to any via ep0
# Then allow all traffic
ipfw add pass all from any to any

-- 
Kent Stewart
Richland, WA

http://users.owt.com/kstewart/index.html
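
Added example, not part of the original message: the procedure described above (schedule the reset with at, load the new rules, cancel the job only if the session survives) written as one script. The reset-script path /root/clnipfw, the DELAY_MIN variable and the rules-file argument are assumptions.

```shell
#!/bin/sh
# Added example: timed rollback ("dead-man switch") around an ipfw rule change.
# Assumed names: the RESET_SCRIPT path and the rules-file argument are hypothetical.
RESET_SCRIPT="${RESET_SCRIPT:-/root/clnipfw}"   # known-good reset script
DELAY_MIN="${DELAY_MIN:-10}"                    # minutes until automatic reset

# Pull the job number out of at(1)'s confirmation line.
# FreeBSD: "Job 5 will be executed using /bin/sh"; Linux: "job 5 at <date>".
at_job_id() {
    sed -n 's/^[Jj]ob \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Schedule the reset; at reads the command on stdin and reports on stderr.
arm_rollback() {
    echo "/bin/sh $RESET_SCRIPT" | at now + "$DELAY_MIN" minutes 2>&1 | at_job_id
}

# Load new rules only after the rollback is armed; cancel it only on "yes".
try_rules() {
    rules=$1
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 2; }
    job=$(arm_rollback)
    [ -n "$job" ] || { echo "rollback not scheduled, rules untouched" >&2; return 3; }
    echo "at job $job will run $RESET_SCRIPT in $DELAY_MIN minutes"
    # -q keeps flush silent; verbose output to a cut-off remote session
    # can abort the rest of the load
    ipfw -q -f flush && ipfw -q "$rules" || echo "rule load failed, waiting for reset" >&2
    printf 'Still connected and rules OK? Type yes to keep them: '
    read answer || answer=""
    if [ "$answer" = "yes" ]; then
        atrm "$job" && echo "rollback job $job cancelled"
        return 0
    fi
    echo "rollback job $job left in place"
    return 1
}

# Run as: sh script.sh /path/to/new-rules
if [ $# -gt 0 ]; then
    try_rules "$1"
fi
```

If the new rules cut the session, the prompt is never answered and the at job restores the open ruleset on its own.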