From: David Kelly
To: FreeBSD-Questions@FreeBSD.org
Date: Thu, 22 May 2003 21:04:46 -0500
Subject: Re: Update Firewall Rules
Message-Id: <200305222104.46859.dkelly@HiWAAY.net>

On Thursday 22 May 2003 03:16 am, Carolyn Longfoot wrote:
> How do I switch the firewall rules on a system without rebooting?
> I tried executing /etc/rc.firewall OPEN
> for example but the same rule set is put in place again that is
> defined in /etc/rc.conf.
>
> I'm sure there's a simple answer, thanks in advance!

Actually, not as simple as you might like. I didn't want any of the
default firewall suites but found they were excellent examples. Got
tired of mergemaster wanting to change my /etc/rc.firewall. So I copied
it to /etc/my.firewall, added 'firewall_script="/etc/rc.firewall"' to
/etc/rc.conf and no longer had any problems.

If you really want an open firewall then simply type:

    % su
    # ipfw add 1 allow ip from any to any

To put things back the way they were:

    # ipfw delete 1

All the above does is add a new rule at the front of your rule set. Then
later remove it so the other rules are once again used.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
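
Added example, not part of the original message: a small sh wrapper around the same "ipfw add 1 ... / ipfw delete 1" pair that refuses to reuse a rule number already present in the rule set and removes the allow-all rule again once the wrapped command ends. The names IPFW_CMD, RULE_NUM, rule_in_use, close_firewall and with_open_firewall are assumptions made for this example.

```shell
#!/bin/sh
# Added example: temporary allow-all rule that is removed again afterwards.
# IPFW_CMD, RULE_NUM and the function names are chosen for this example.
IPFW_CMD="${IPFW_CMD:-ipfw}"   # override to dry-run against a stub
RULE_NUM="${RULE_NUM:-1}"      # rule number used in the message above

# True if the live rule set already has a rule with this number.
# "ipfw delete N" would remove that rule as well, so it must not be reused.
rule_in_use() {
    "$IPFW_CMD" list |
        awk -v n="$RULE_NUM" '$1 + 0 == n + 0 { found = 1 } END { exit !found }'
}

# Remove the temporary rule so the original rules apply again.
close_firewall() {
    "$IPFW_CMD" -q delete "$RULE_NUM"
}

# Usage (as root): with_open_firewall <command> [args...]
# Returns the command's exit status, 2 if RULE_NUM is taken, 1 if the add failed.
with_open_firewall() {
    if rule_in_use; then
        echo "rule $RULE_NUM already exists, leaving rule set untouched" >&2
        return 2
    fi
    "$IPFW_CMD" -q add "$RULE_NUM" allow ip from any to any || return 1

    # If interrupted, still remove the rule before exiting.
    trap 'close_firewall; exit 130' HUP INT TERM
    status=0
    "$@" || status=$?
    trap - HUP INT TERM

    close_firewall
    return "$status"
}
```

Sourced into a root shell, `with_open_firewall sleep 300` keeps the firewall open for five minutes and then deletes rule 1 again.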