From owner-freebsd-ipfw Wed Dec 4 12:30:34 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 16A8C37B401 for ; Wed, 4 Dec 2002 12:30:32 -0800 (PST) Received: from accord.grasslake.net (accord.grasslake.net [209.98.56.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0A50B43EB2 for ; Wed, 4 Dec 2002 12:30:31 -0800 (PST) (envelope-from swb@grasslake.net) Received: from swbgx150 (honda.grasslake.net [192.168.1.1]) by accord.grasslake.net (8.12.6/8.12.6) with SMTP id gB4KJX6v055834; Wed, 4 Dec 2002 14:19:33 -0600 (CST) (envelope-from swb@grasslake.net) Message-ID: <024d01c29bd4$16874110$62229fc0@ad.campbellmithun.com> From: "Shawn Barnhart" To: "Nikolaev D./ MTS" , "freebsd-ipfw" References: <3DEE16D7.1020706@northnetworks.ca> <3DEE39C3.5040704@northnetworks.ca> <000901c29bbb$7bb4a0a0$4635a8c0@sloniki> Subject: Re: Auto-recover Date: Wed, 4 Dec 2002 14:31:12 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Wouldn't you have to run those commands with nohup? My experience has been that commands backgrounded with '&' stop running if the shell that started them ends, unless you run them with nohup. Unless your shell does this for you automatically, but bash doens't for me. ----- Original Message ----- From: "Nikolaev D./ MTS" To: "freebsd-ipfw" Sent: Wednesday, December 04, 2002 11:35 Subject: Re: Auto-recover > You have to do: > 1. run "sleep10 && /bla-bla-bla/change_rules.sh &" > 2. then do not wait but logout: "exit" > 3. reconnect after some time (10 seconds for example). > > Or I did not understand you correctly ? Show "change_rules.sh" please. > > ----- Original Message ----- > From: "Steve Bertrand" > To: "freebsd-ipfw" > Sent: Wednesday, December 04, 2002 8:22 PM > Subject: Re: Auto-recover > > > > Thanks for the suggestions, but neither worked. The bash command failed > > with a syntax error, and it appears that the unit sleeps for 10 seconds, > > then edits the script. The same problem occured. > > > > The fw program did not install correctly on my box, besides, it is not > > exactly what I need at this point. I will take a look at it though and > > will likely use some of the code for my own purposes. > > > > All I want to do is execute the ipfw script from a remote location and > > have it revert back if I can't get in. > > > > I think what I will do is write a perl script that will run the new > > script, watch for new ssh connections with my username, and revert to > > the old rules if no connection has been established within a set time. > > > > Now that I think about it, perhaps scrambling up the commands in > > Nicolaev's reply may help me on my way. > > > > Steve > > > > Steve Bertrand wrote: > > > > > No matter what I do, the auto-recover script (change_rules.sh) will > > > not process my new rules properly when connected via ssh. I suspect > > > that this is due to the flush at the top of my rules script. After > > > modification of my firewall script, I have to log back into the box > > > and the old rules are re-loaded. > > > Is there something special that I have to add or remove from my > > > ruleset to make this process work properly? > > > > > > Tks, > > > Steve > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-ipfw" in the body of the message > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-ipfw" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message