Date: Thu, 22 May 2003 12:30:59 +0300
From: Giorgos Keramidas
To: Carolyn Longfoot
Cc: freebsd-questions@freebsd.org
Subject: Re: Update Firewall Rules
Message-ID: <20030522093058.GA24261@igloo.linux.gr>

On 2003-05-22 04:16, Carolyn Longfoot wrote:
> How do I switch the firewall rules on a system without rebooting?
> I tried executing /etc/rc.firewall OPEN for example but the same
> rule set is put in place again that is defined in /etc/rc.conf.

There's always the "manual" way:

	ipfw add 1 pass ip from any to any
	ipfw add 2 pass ip from any to any

Then you load all your "new" rules after rule 1, and after you're done
delete rule number 1:

	ipfw del 1

Doing things on a remote machine that you cannot possibly access if
something goes wrong (i.e. a colocation server) is probably not a good
idea though.

In cases like these, I usually follow the following procedure when
tinkering with firewall rules to avoid locking myself out of a machine
I can't log in to afterwards:

	a) Schedule a reboot in 15 minutes or so.
	b) Load new firewall rules.
	c) Test rules.
	d) Unschedule the reboot if all goes well.

HTH,
Giorgos.
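
The a) to d) procedure above written out as a script. This is an added example, not part of the original message: it arms a fallback reboot before loading the rules and cancels it only when a confirmation file appears. The confirmation file, the variable names and the rules-file argument are assumptions of this example, and the fallback only helps if the boot-time rules from /etc/rc.conf are still the known-good set.

```sh
#!/bin/sh
# Added example, not from the original message. CONFIRM, WAIT and the
# *_CMD overrides are names chosen here for illustration.
DELAY=${DELAY:-900}                        # a) fallback reboot after 15 min
WAIT=${WAIT:-$((DELAY - 60))}              # how long to wait for the admin
CONFIRM=${CONFIRM:-/var/run/fw-reload.ok}  # admin creates this to confirm
REBOOT_CMD=${REBOOT_CMD:-shutdown -r now}
LOAD_CMD=${LOAD_CMD:-ipfw -q}              # "ipfw -q FILE" reads rules from FILE

arm_reboot() {
    # nohup: the timer has to survive the SIGHUP that arrives when a bad
    # rule set cuts the SSH session this script was started from.
    nohup sh -c "sleep $DELAY && $REBOOT_CMD" >/dev/null 2>&1 &
    TIMER_PID=$!
}

disarm_reboot() {
    # Killing the timer shell is enough: its leftover sleep exits on its
    # own and nothing is left to run REBOOT_CMD.
    kill "$TIMER_PID" 2>/dev/null
}

wait_confirm() {
    # c) Confirmation must come from a NEW login (touch "$CONFIRM"); a
    # session that was already open may work where a new one is blocked.
    waited=0
    while [ "$waited" -lt "$WAIT" ]; do
        [ -e "$CONFIRM" ] && return 0
        sleep 1
        waited=$((waited + 1))
    done
    return 1
}

safe_reload() {
    rm -f "$CONFIRM"
    arm_reboot                      # a) schedule the reboot first
    $LOAD_CMD "$1"                  # b) load the new rules
    if wait_confirm; then
        disarm_reboot               # d) all went well: unschedule
        rm -f "$CONFIRM"
        return 0
    fi
    return 1                        # timer stays armed and will reboot
}

[ $# -eq 0 ] || safe_reload "$@"
```

Run it with the path of the new rules file as its only argument, then log in from a second terminal and create the confirmation file before the wait expires.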