From owner-freebsd-questions@FreeBSD.ORG Fri Jan 27 00:22:58 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 93FF916A422 for ; Fri, 27 Jan 2006 00:22:58 +0000 (GMT) (envelope-from ipfreak@yahoo.com) Received: from web52104.mail.yahoo.com (web52104.mail.yahoo.com [206.190.48.107]) by mx1.FreeBSD.org (Postfix) with SMTP id BA3A943D5A for ; Fri, 27 Jan 2006 00:22:55 +0000 (GMT) (envelope-from ipfreak@yahoo.com) Received: (qmail 61682 invoked by uid 60001); 27 Jan 2006 00:22:55 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=jJ4N0jO/yyBYTH73KDRASraqB6FHoU1G9T84rkZ51za0T271GBZLZq9uClFn4+drX9bAERFhRG1WvA8w3F/DPmw1ojUyDZqmJryGUffA9Q3H1w3SE8mQm0ieLb09gTDN1TC/RZ5+dnpk+Jpm3MeNBtCbfJm6LqE8wbyTJ8B5RdY= ; Message-ID: <20060127002255.61680.qmail@web52104.mail.yahoo.com> Received: from [200.38.156.194] by web52104.mail.yahoo.com via HTTP; Thu, 26 Jan 2006 16:22:54 PST Date: Thu, 26 Jan 2006 16:22:54 -0800 (PST) From: gahn To: Arne Woerner , freebsd security , freebsd general questions In-Reply-To: <20060127000331.24566.qmail@web30307.mail.mud.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: Subject: Re: strange problem with ipfw and rc.conf X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jan 2006 00:22:58 -0000 Thanks. I don't think it was the problem of ipfw rulesets. In fact once I did "sh /etc/ipfw.rules" and things are fine. I just cant figure out why the rc.conf won't load the rulesets. Besides, I recompiled the customized kernel and there is no need for "firewall_enable="YES"" statement in rc.conf. --- Arne Woerner wrote: > --- gahn wrote: > > 65335 locking out everything). I have to do "sh > > /etc/ipfw.rules" in order to load the rulesets, > once I > > did that, I can access the box from remote > locations > > > Hmm... > > It helped me, to look at /etc/rc.firewall... There > are some > comments, that might give u the right hints... > > Maybe firewall_enable should be YES? > > E. g. my /etc/rc.firewall.bartely file cannot be > executed with > sh... But maybe I still did not understand ipfw... > > My /etc/rc.firewall.bartely contains rules like: > add pass log all from any to 47.11.42.42 > add deny log all from any to any > > And in rc.conf my > firewall_type=/etc/rc.firewall.bartleby > > And I use default firewall_script=/etc/rc.firewall > > -Arne > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam > protection around > http://mail.yahoo.com > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com