From: "The Admiral"
To: freebsd-ipfw@freebsd.org
Date: Thu, 1 Feb 2007 20:59:00 -0500
Subject: Re: rc.firewall script not running at system boot
Message-ID: <66f7e7af0702011759t1b4ba6a8jb988d68fe5595601@mail.gmail.com>
In-Reply-To: <000001c74663$212a10a0$0205000a@white>
List-Id: IPFW Technical Discussions
On 2/1/07, Dewayne Geraghty wrote:
>
> Hmm - I have 9 firewalls in different locations and the information that
> you've provided seems OK. Kernel options are OK, rc.conf looks OK. Is
> there a "client" option still in your rc.firewall?
>
> The deny rule is always the last, as it's meant to protect the environment
> in case of rc.firewall not working. Could you try
>
> script /tmp/ipfw.lis /etc/rc.d/ipfw restart
>
> and examine the output, as that is sure to tell you where the hangup is.
> There be a rule in the rc.firewall that makes it hang/stop. (Tired
> fingers sometimes leave remnant chars around.)

I tried executing "/etc/rc.d/ipfw restart" and sure enough, it showed that
one of my firewall rules was mistakenly entered as "addpass" while it
should've been "add pass". I corrected the typo, but the strange thing is,
when I reboot, it still doesn't work! Running the firewall command manually
works without error, but it isn't executed at boot. Any other ideas? I was
sure that the typo was the problem; unfortunately that's not the case. Oh
well, at least it seems I'm getting closer to a solution!

Thanks,
Mike

> Regards, Dewayne.
>
> -----Original Message-----
> From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org]
> On Behalf Of The Admiral
> Sent: Friday, 2 February 2007 11:11 AM
> To: freebsd-ipfw@freebsd.org
> Subject: Re: rc.firewall script not running at system boot
>
> Hi Dewayne, thanks for the response, although I tried enclosing the YES
> option in quotes but it didn't make a difference.
>
> Mike
>
>
> On 2/1/07, Dewayne Geraghty wrote:
> >
> > Put quotes around gateway_enable="YES"
> > Regards, Dewayne.
> >
> > -----Original Message-----
> > From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org]
> > On Behalf Of The Admiral
> > Sent: Friday, 2 February 2007 8:04 AM
> > To: freebsd-ipfw@freebsd.org
> > Subject: rc.firewall script not running at system boot
> >
> > We had a power outage last night and I arrived at work today to find
> > that one of our machines no longer has network access (one of the few
> > machines not on a battery backup unit). I checked to see what
> > firewall rules were enabled and the only one that was active was to
> > deny all. It seems as though my rc.firewall script wasn't run
> > automatically when the system booted. I rebooted to double check and
> > sure enough the only rule enabled was the deny all rule. My rc.conf file
> > has the following:
> >
> > ---------------------------------------------------------------
> > hostname="dev"
> >
> > ifconfig_em0="inet 192.168.1.120 netmask 255.255.255.0"
> > ifconfig_vr0="inet 224.87.34.72 netmask 255.255.255.248" #real IP hidden on purpose
> >
> > defaultrouter="224.87.34.71"
> >
> > gateway_enable=YES
> > firewall_enable="YES"              # Set to YES to enable firewall functionality
> > firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
> > firewall_type="client"             # Firewall type (see /etc/rc.firewall)
> >
> > ---------------------------------------------------------------
> >
> > My kernel configuration file has the following:
> >
> > ---------------------------------------------------------------
> >
> > options IPFIREWALL          # required to use ipfw
> > options IPFIREWALL_FORWARD
> > options IPDIVERT            # required for natd
> > options IPFIREWALL_VERBOSE  # Enables logging of packets that pass through IPFW and have the 'log' keyword specified in the rule set.
> >
> > ---------------------------------------------------------------
> >
> > When I run the rc.firewall script directly (sudo /etc/rc.firewall
> > client) all my rulesets are enabled as they should; however, the
> > rc.firewall file isn't being executed at system boot, which I'd like
> > to resolve, since it means that the machine will be inaccessible if
> > the machine is rebooted for whatever reason and no one is there to
> > manually execute the firewall script from the console. The strange
> > thing is, the last time I manually rebooted the machine, the script
> > was executed without a problem. The machine hasn't been rebooted for
> > a while though, and a lot of the software has been updated in the
> > meantime, so I'm thinking that may be the cause, but I'm still unsure
> > how to go about fixing this. Any help is greatly appreciated, thanks.
> >
> > Mike
> > _______________________________________________
> > freebsd-ipfw@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
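The failure mode in this thread is worth guarding against ahead of time: a single glued keyword ("addpass" for "add pass") in the rule script stopped it, and the host came up with nothing but the default deny-all rule. The following is an added example, not code from the thread or from FreeBSD's own rc.d: a small POSIX sh lint that reads a rule script of the kind named by firewall_script and reports invocations whose sub-command or action is not one it recognises. It assumes rules are written as "${fwcmd} add ...", "$fwcmd add ..." or "ipfw add ..." lines, as /etc/rc.firewall does; the VALID_ACTIONS and MGMT_COMMANDS lists are an assumed subset of ipfw's vocabulary, and the sample rule file is constructed for the demonstration (it is not Mike's real file).

```shell
#!/bin/sh
# Added example (not from the thread or FreeBSD): pre-flight lint for an
# ipfw rule script, so a typo like "addpass" is caught before a reboot.

# ipfw actions accepted after "add [rule-number]" (assumed subset).
VALID_ACTIONS="allow accept pass permit deny drop reject unreach skipto fwd forward pipe queue divert tee count check-state reset"

# ipfw sub-commands that are not rules and need no further checking (assumed subset).
MGMT_COMMANDS="flush delete list show zero enable disable set table nat pipe queue"

# Pop the first whitespace-separated token of $rest into $tok.
pop_token() {
    rest=${rest#"${rest%%[![:space:]]*}"}   # drop leading whitespace
    tok=${rest%%[[:space:]]*}               # first token (empty if none left)
    rest=${rest#"$tok"}                     # consume it
}

# Print "LINE: problem" for each suspicious ipfw invocation in file $1.
# Returns 0 if the file looks clean, 1 otherwise.
lint_ipfw_rules() {
    status=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        rest=${line#"${line%%[![:space:]]*}"}
        # Only lines that invoke ipfw are of interest; everything else is skipped.
        case "$rest" in
            '${fwcmd}'*) rest=${rest#'${fwcmd}'} ;;
            '$fwcmd'*)   rest=${rest#'$fwcmd'} ;;
            ipfw*)       rest=${rest#ipfw} ;;
            *)           continue ;;
        esac
        # Skip ipfw flags (-q, -f, ...) and fetch the sub-command.
        pop_token
        while [ "${tok#-}" != "$tok" ]; do pop_token; done
        case "$tok" in
            add) ;;
            add*)
                printf '%d: glued keyword "%s" (did you mean "add %s"?)\n' \
                    "$lineno" "$tok" "${tok#add}"
                status=1; continue ;;
            *)
                case " $MGMT_COMMANDS " in
                    *" $tok "*) continue ;;
                esac
                printf '%d: unknown ipfw command "%s"\n' "$lineno" "$tok"
                status=1; continue ;;
        esac
        # After "add": optional rule number, optional "set N" / "prob P", then the action.
        pop_token
        while :; do
            case "$tok" in
                '')        break ;;                     # nothing after "add"
                set|prob)  pop_token; pop_token; continue ;;
                *[!0-9]*)  break ;;                     # not a number: this is the action
                *)         pop_token; continue ;;       # rule number: skip it
            esac
        done
        case " $VALID_ACTIONS " in
            *" $tok "*) ;;
            *)
                printf '%d: unrecognised action "%s" after "add"\n' "$lineno" "$tok"
                status=1 ;;
        esac
    done < "$1"
    return $status
}

# Constructed sample rule script reproducing the thread's typo (not Mike's
# real file), written to a temp file so the lint can read it.
SAMPLE_RULES=$(mktemp)
trap 'rm -f "$SAMPLE_RULES"' EXIT
cat > "$SAMPLE_RULES" <<'EOF'
#!/bin/sh
fwcmd="/sbin/ipfw"
${fwcmd} -f flush
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} addpass tcp from any to any 22 setup
${fwcmd} add set 1 allow tcp from any to any established
${fwcmd} add 65000 dney ip from any to any
${fwcmd} add 65400 deny log ip from any to any
EOF

# Run it the way one would before "/etc/rc.d/ipfw restart" or a reboot.
lint_ipfw_rules "$SAMPLE_RULES" || echo "fix the rule file before rebooting"
```

On the sample above the lint reports line 6 (the glued "addpass") and line 8 (a misspelled action) and exits non-zero; a clean file such as the real rc.firewall "client" section passes silently. Running it against firewall_script as part of a change procedure turns the silent boot-time failure described in the thread into a visible pre-reboot error.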