Date: Thu, 11 Oct 2001 08:38:53 -0500
From: David Kelly
To: Louis LeBlanc
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW, natd, and one big headache

On Wed, Oct 10, 2001 at 10:56:21PM -0400, Louis LeBlanc wrote:
>
> > No need to reboot to debug your firewall and dhclient. Simply kill
> > dhclient and start it again with "dhclient xl0"
>
> How will this affect natd if it is running?

Doesn't affect natd at all unless you delete your divert rule. You can
kill and restart natd if you would like but any established link would
be lost.

Meanwhile you are simply inserting and deleting one ipfw rule at a time
from the keyboard without resetting the entire firewall with a flush? Or
re-running your firewall rules script? Right? That's something I meant to
be saying in the previous message but might not have been clear.

Something like this:

grumpy: [1005] ipfw add 1590 deny tcp from any to any 113 in recv fxp0
01590 deny tcp from any to any 113 in recv fxp0
grumpy: [1006] ipfw delete 1590
grumpy: [1007]

And finally (maybe?) I like to use this in an xterm while playing with
the firewall, "less +F /var/log/security", which is much the same as
"tail -f" but with the ability to /-search and highlight things such as
"Deny" as they scroll by. One day I'll figure out how to wrap the search
for "Deny" in that command line. Initial 5 minute effort failed way back
when. I use it in an alias:

alias security less +F /var/log/security

For less, I find this useful in ~/.cshrc:

if ( -x /usr/bin/less ) then
    setenv PAGER /usr/bin/less
else if ( -x /usr/local/bin/less ) then
    setenv PAGER /usr/local/bin/less
endif
setenv LESS '-aisMj5'

The options to less highlight search hits, first hit on line 5 of the
screen, and multiple blank lines are collapsed into one making man pages
easier to read on screen.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its capacity
-- the rest is overhead for the operating system.