From owner-freebsd-questions@FreeBSD.ORG  Wed Nov 26 12:18:00 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 828F916A4CE
	for <freebsd-questions@freebsd.org>;
	Wed, 26 Nov 2003 12:18:00 -0800 (PST)
Received: from mta4.adelphia.net (mta4.adelphia.net [68.168.78.184])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 521D843FBF
	for <freebsd-questions@freebsd.org>;
	Wed, 26 Nov 2003 12:17:59 -0800 (PST)
	(envelope-from fbsd_user@a1poweruser.com)
Received: from barbish ([68.169.105.3]) by mta13.adelphia.net
          (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with SMTP
          id <20031126195902.TJQL4878.mta13.adelphia.net@barbish>;
          Wed, 26 Nov 2003 14:59:02 -0500
From: "fbsd_user" <fbsd_user@a1poweruser.com>
To: "Mike Maltese" <mike@pcmedx.com>,
	"freebsd-questions@FreeBSD. ORG" <freebsd-questions@freebsd.org>
Date: Wed, 26 Nov 2003 14:59:00 -0500
Message-ID: <MIEPLLIBMLEEABPDBIEGMEIPEOAA.fbsd_user@a1poweruser.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <008001c3b44c$cfaf6b40$f4f0a8c0@pcmedx.com>
Importance: Normal
cc: Dan Nelson <dnelson@allantgroup.com>
Subject: RE: IPFILTER rules with shell symbloic substitution
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: fbsd_user@a1poweruser.com
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Nov 2003 20:18:00 -0000

Ipf.test  rules file
#!/bin/sh
nic="l0"
/sbin/ipf -Fa -f - <<EOF
pass in on $nic all
pass out on $nic all
pass in all
pass out all
EOF

After booting system this file will load ok by doing
Sh ipf.test from command line.

Or I can run ipf.loadrules from command line and rules load ok.

ipf.loadrules file
#! /bin/sh
sh /etc/ipf.test

But in rc.conf to load the rules
#ipfilter_rules="sh /root/bin/ipf.loadrules"
#ipfilter_rules="/etc/ipf.test"
does not work, get msg no rules loaded after IPFILTER started msg in
boot log.

This works
ipfilter_rules="/etc/ipf.rules"

ipf.rules files
pass in all
pass out all

Looks to me like internal problem with the rc.conf
ipfilter_rules= statement and the way it reads what is pointed at.

Any ideas about what is wrong with my ipfilter_rules="/etc/ipf.test"
statement.







-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Mike
Maltese
Sent: Wednesday, November 26, 2003 1:41 PM
To: freebsd-questions@FreeBSD. ORG
Cc: Dan Nelson
Subject: Re: IPFILTER rules with shell symbloic substitution

> /etc/rc.firewall has lots of examples using ipfw; the concepts
should
> work just as well with ipf.

I'm not sure that's true. /etc/rc.firewall is a shell script, an IP
Filter
ruleset isn't. From the documentation and my own use of it, IP
Filter
doesn't support variable substitution. If you're running 5.x, you
can run
the pf port, which does support variables and some other neat
expansion
capabilities that can really condense and simplify your ruleset.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@freebsd.org"