From: James Long
Date: Thu, 12 Jan 2006 17:11:24 -0800
To: freebsd-questions@freebsd.org
Cc: Martin McCormick
Subject: Re: Strange Failure Mode in FreeBSD 4.11
Message-ID: <20060113011124.GA7742@ns.museum.rain.com>

> Date: Thu, 12 Jan 2006 13:58:09 -0600
> From: Martin McCormick
> Subject: Re: Strange Failure Mode in FreeBSD 4.11
> To: freebsd-questions@freebsd.org
> Message-ID: <200601121958.k0CJw9hn091722@dc.cis.okstate.edu>
>
> In the rc.conf.local, I have:
>
> firewall_enable="YES"    # Set to YES to enable firewall functionality
> firewall_script="/etc/rc.firewall"
> firewall_type="OPEN"     # Firewall type (see /etc/rc.firewall)
> firewall_quiet="NO"      # Set to YES to suppress rule display
> firewall_logging="YES"   # Set to YES to enable events logging
> firewall_flags=""        # Flags passed to ipfw when type is a file
>
> That makes ipfw load the rules in rc.firewall just fine. In
> rc.firewall, there is a place where one can include a table of local
> rules and that's where I am doing something wrong. The place in
> rc.firewall reads:
>
> # filename - will load the rules in the given filename (full path required)
>
> So, I have tried various forms of
>
> filename /etc/firewall_rules.ns
>
> and even
>
> filename - /etc/firewall_rules.ns

snip

> What do I need to put in /etc/rc.firewall so it just includes
> /etc/firewall_rules.ns like the #include directive usually does?

You need to put

firewall_type="/etc/firewall_rules.ns"

in /etc/rc.conf. If that file is readable, it will be passed to
ipfw, as per these lines in rc.firewall:

*)
        if [ -r "${firewall_type}" ]; then
                ${fwcmd} ${firewall_flags} ${firewall_type}
        fi
        ;;

> Many thanks.

An equal but opposite number of welcomes.
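
Added example, not part of the original message or of rc.firewall: a preflight check for the dispatch quoted above, where a firewall_type value that is neither a built-in type nor a readable file falls into the "*)" branch and loads no rules, with no error. The function names and the list of built-in type names are assumptions.

```sh
#!/bin/sh
# Added example: preflight check for the firewall_type value in rc.conf.

# classify_firewall_type VALUE
# Prints how the quoted rc.firewall dispatch would treat VALUE:
#   builtin       a named rule set inside rc.firewall
#   ruleset-file  a readable file that gets handed to ipfw
#   ignored       anything else: the "*)" branch runs and loads nothing
classify_firewall_type() {
    case "$1" in
    # Assumption: built-in type names as in a stock rc.firewall.
    [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]|[Ss][Ii][Mm][Pp][Ll][Ee]|[Cc][Ll][Oo][Ss][Ee][Dd])
        echo builtin ;;
    *)
        # Same test as rc.firewall: readable, nothing more.
        if [ -r "$1" ]; then echo ruleset-file; else echo ignored; fi ;;
    esac
}

# check_firewall_type VALUE
# Returns 0 if rc.firewall would load rules for VALUE, 1 if it would not.
check_firewall_type() {
    case "$(classify_firewall_type "$1")" in
    builtin)
        echo "ok: built-in type '$1'" ;;
    ruleset-file)
        case "$1" in
        /*) ;;
        *)  echo "warn: '$1' is not a full path (rc.firewall asks for one)" >&2 ;;
        esac
        # ipfw applies this file as root, so nobody else should be able to edit it.
        if [ -n "$(find "$1" -prune -perm -002 2>/dev/null)" ]; then
            echo "warn: '$1' is world-writable" >&2
        fi
        echo "ok: rules will be read from '$1'" ;;
    *)
        echo "FAIL: '$1' is neither a built-in type nor a readable file;" \
             "no rules would be loaded" >&2
        return 1 ;;
    esac
}

# Stand-alone use: sh check_fw_type.sh /etc/firewall_rules.ns
if [ $# -gt 0 ]; then
    check_firewall_type "$1"
fi
```

Run it against the value you are about to put in rc.conf before rebooting; a typo in the path otherwise shows up only as missing rules.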