From: Nils Vogels
To: freebsd-questions@freebsd.org
Date: Thu, 22 May 2003 16:05:36 +0200
Subject: Re: Update Firewall Rules
Message-ID: <20030522140536.GJ10795@imhotep.yuckfou.org>

On Thu, May 22, 2003 at 09:11:46AM -0400, Carolyn Longfoot (CL) wrote:
CL>
CL> Good advice against lock-outs though. Is generally the preferred approach
CL> to use different files for different rules, rather than keep sets in
CL> /etc/rc.firewall? And if so, how do you set this up in /etc/rc.conf, since
CL> the firewall type by default looks at rc.firewall...

Having a look at /etc/defaults/rc.conf:

firewall_enable="NO"               # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="UNKNOWN"            # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"                # Set to YES to suppress rule display
firewall_logging="NO"              # Set to YES to enable events logging
firewall_flags=""                  # Flags passed to ipfw when type is a file

So, if you would set firewall_script to some homegrown script that sets up
your firewall for you, instead of the default rc.firewall, all should be fine
and dandy :)

Grtz,

Nils.
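
One way to check the result of that change, as an added example (not part of the mail above or of FreeBSD's own rc scripts): resolve which firewall_script is in effect once /etc/rc.conf overrides /etc/defaults/rc.conf, then confirm the file exists and is not writable by group or others, since it runs as root at boot. The function names rc_value and audit_firewall_script are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original mail. rc.conf-style files are plain
# sh assignments, so they are read here by sourcing them in a subshell.
# Only point this at files you would let root source at boot.

# rc_value VAR FILE... : print VAR after sourcing FILEs in order (later wins).
rc_value() (
    _rc_var=$1; shift
    for _rc_file in "$@"; do
        if [ -r "$_rc_file" ]; then . "$_rc_file"; fi
    done
    eval "printf '%s\n' \"\${$_rc_var-}\""
)

# audit_firewall_script FILE... : return 0 if the configured script exists
# and is not group/other-writable, 1 otherwise. One finding per line.
audit_firewall_script() {
    fw_enable=$(rc_value firewall_enable "$@")
    fw_script=$(rc_value firewall_script "$@")
    case "$fw_enable" in
        [Yy][Ee][Ss]) ;;
        *) echo "NOTE: firewall_enable=\"$fw_enable\", script is not run at boot" ;;
    esac
    if [ ! -f "$fw_script" ]; then
        echo "FAIL: firewall_script \"$fw_script\" is not a regular file"
        return 1
    fi
    # -L follows a symlink to the real file; find prints the path only when
    # the group-write or other-write permission bit is set.
    if [ -n "$(find -L "$fw_script" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $fw_script is writable by group or others"
        return 1
    fi
    echo "OK: $fw_script (firewall_enable=\"$fw_enable\")"
}

# Usage on a FreeBSD host, defaults first so that /etc/rc.conf wins:
#   audit_firewall_script /etc/defaults/rc.conf /etc/rc.conf
```

A missing file is worth catching before a reboot: the override would then point at nothing, and the ruleset the script was meant to load would not be installed.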