From: Wayne Pascoe
To: freebsd-questions@freebsd.org
Subject: ipfw reading rules from a file
Reply-To: wayne.pascoe@realtime.co.uk
Date: 16 Feb 2001 10:13:42 +0000

Hi all,

I am trying to 'persuade' ipfw to read rules from a file. For the moment, I am just using a very simple rule that will allow access from the world. Once this works, I will translate the firewall rules that I use under ipf to ipfw.

In /etc/rc.conf I have the following section:

    #
    # Firewall options
    #
    firewall_enable="YES"
    firewall_type="filename"
    firewall_flags="/etc/firewall/ipfw.soften"
    firewall_logging="YES"

I have tried the following for /etc/firewall/ipfw.soften:

    -- try 1 --
    /sbin/ipfw allow all from any to any

    -- try 2 --
    allow all from any to any

    -- try 3 --
    00100 allow ip from any to any

None of these worked. It doesn't even seem to be reading the file in and using the rules.

I have tried running sh /etc/rc.firewall from the prompt, and I get the following output:

    # sh /etc/rc.firewall
    Flushed all rules.
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/0

I have tried this 3 times, each time with a different one of the above 3 lines in /etc/firewall/ipfw.soften.

I have checked that /etc/firewall/ipfw.soften is readable.

What am I doing wrong here? What does my rc.conf need to contain, and what does the file that I read from have to look like?

Lastly, does ipfw work on a first-match-wins basis (like iptables / ipchains) or does it work on a last-match-wins basis (like ipf)?

Thanks,

--
- Wayne Pascoe
E-mail: wayne.pascoe@realtime.co.uk
Phone : +44 (0) 20 7544 4668
Mobile: +44 (0) 788 431 1675
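
An added example, not part of the original message: a small sh linter for an ipfw rules file, assuming (per ipfw(8)) that the file is read line by line and each line is used as the arguments of one ipfw command, so a rule line begins with `add`. The function names and verdict strings are hypothetical, and the sample input is constructed from the three attempts quoted in the message.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption (ipfw(8)): ipfw reads a rules file line by line and uses each
# line as the arguments of one ipfw command, so a rule starts with "add".

# check_line LINE: print a verdict; return 0 if the line is usable or skipped.
check_line() {
    set -f            # no globbing while splitting the line into words
    set -- $1
    set +f
    case "${1-}" in
        ''|'#'*)                         echo skip;                return 0 ;;
        add|delete|flush|zero|resetlog)  echo ok;                  return 0 ;;
        ipfw|*/ipfw)                     echo remove-command-name; return 1 ;;
        allow|accept|pass|permit|deny|drop|reject|[0-9]*)
                                         echo missing-add;         return 1 ;;
        *)                               echo unrecognised;        return 1 ;;
    esac
}

# lint_rules: read a rules file on stdin, report unusable lines,
# return 1 if any line was rejected.
lint_rules() {
    n=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        verdict=$(check_line "$line") || {
            bad=$((bad + 1))
            echo "line $n: $verdict: $line"
        }
    done
    [ "$bad" -eq 0 ]
}

# Constructed input: the three attempts quoted in the message, then the same
# rule written as an "add" command.
sample_rules() {
    cat <<'EOF'
/sbin/ipfw allow all from any to any
allow all from any to any
00100 allow ip from any to any
add 00100 allow ip from any to any
EOF
}

sample_rules | lint_rules || echo "rules file needs fixing before use"
```

The linter is deliberately conservative: it only accepts lines that start with a subcommand it knows, so extend the `case` list if the rules file uses others.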