From owner-freebsd-current@FreeBSD.ORG  Sun Jun 15 06:36:29 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BC86A37B401
	for <current@freebsd.org>; Sun, 15 Jun 2003 06:36:29 -0700 (PDT)
Received: from alpha.siliconlandmark.com (alpha.siliconlandmark.com
	[209.69.98.4])	by mx1.FreeBSD.org (Postfix) with ESMTP id 0038243F93
	for <current@freebsd.org>; Sun, 15 Jun 2003 06:36:28 -0700 (PDT)
	(envelope-from andy@siliconlandmark.com)
Received: from alpha.siliconlandmark.com (localhost [127.0.0.1])
	h5FDaRAQ039958;	Sun, 15 Jun 2003 09:36:28 -0400 (EDT)
	(envelope-from andy@siliconlandmark.com)
Received: from localhost (andy@localhost)h5FDaNqq039954;
	Sun, 15 Jun 2003 09:36:27 -0400 (EDT)
	(envelope-from andy@siliconlandmark.com)
X-Authentication-Warning: alpha.siliconlandmark.com: andy owned process doing
	-bs
Date: Sun, 15 Jun 2003 09:36:23 -0400 (EDT)
From: Andre Guibert de Bruet <andy@siliconlandmark.com>
To: Kris Kennaway <kris@obsecurity.org>
In-Reply-To: <20030614074457.GA28169@rot13.obsecurity.org>
Message-ID: <20030615093433.Q31662@alpha.siliconlandmark.com>
References: <20030614074457.GA28169@rot13.obsecurity.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: current@freebsd.org
Subject: Re: rc.firewall not executed?
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jun 2003 13:36:30 -0000


On Sat, 14 Jun 2003, Kris Kennaway wrote:

> I just noticed that my ipfw rules were not loaded the last time I
> rebooted.  My rc.conf is included below - has something changed
> recently so that these settings are not enough?  I didn't see anything
> relevant in UPDATING.  My /etc/firewall.conf exists and is readable
> (and unchanged since 2002).
>
> Kris
>
> ----
> # $FreeBSD: src/etc/defaults/rc.conf,v 1.156 2002/08/30 13:01:42 hm Exp $
> hostname="citusc17.usc.edu"     # Set this!
> nisdomainname="cituscdomain"    # Set to NIS domain if using NIS (or NO).
> firewall_enable="YES"           # Set to YES to enable firewall functionality
> firewall_type="/etc/firewall.conf"      # Firewall type (see /etc/rc.firewall)
                 ^^^^^^^^^^^^^^^^^^
This is wrong. Set it to "UNKNOWN". There's firewall_script for that.

Regards,

> Andre Guibert de Bruet | Enterprise Software Consultant >
> Silicon Landmark, LLC. | http://siliconlandmark.com/    >