Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 11 Oct 2001 13:00:00 -0400
From:      Louis LeBlanc <leblanc+freebsd@smtp.ne.mediaone.net>
To:        freebsd-questions@FreeBSD.org, freebsd-questions@FreeBSD.org
Subject:   Re: IPFW, natd, and one big headache
Message-ID:  <20011011130000.C3862@acadia.ne.mediaone.net>
In-Reply-To: <20011011083853.A1363@grumpy.dyndns.org>
References:  <leblanc%2Bfreebsd@smtp.ne.mediaone.net> <20011010212942.A1037@acadia.ne.mediaone.net> <200110110210.f9B2Atw99386@grumpy.dyndns.org> <20011010225621.B1037@acadia.ne.mediaone.net> <20011011083853.A1363@grumpy.dyndns.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On 10/11/01 08:38 AM, David Kelly sat at the `puter and typed:
> On Wed, Oct 10, 2001 at 10:56:21PM -0400, Louis LeBlanc wrote:
> > 
> > > No need to reboot to debug your firewall and dhclient. Simply kill 
> > > dhclient and start it again with "dhclient xl0"
> > 
> > How will this affect natd if it is running?
> 
> Doesn't affect natd at all unless you delete your divert rule. You can
> kill and restart natd if you would like but any established link would
> be lost.

Understood.  This has helped a lot.  Thanks.

> Meanwhile you are simply inserting and deleting one ipfw rule at a time
> from the keyboard without resetting the entire firewall with a flush? Or
> re-running your firewall rules script?  Right? That's something I ment
> to be saying in the previous message but might not have been clear.
> Something like this:
> 
> grumpy: [1005] ipfw add 1590 deny tcp from any to any 113 in recv fxp0
> 01590 deny tcp from any to any 113 in recv fxp0
> grumpy: [1006] ipfw delete 1590
> grumpy: [1007] 
> 
> And finally (maybe?) I like to use this in an xterm while playing with
> the firewall, "less +F /var/log/security", which is much the same as
> "tail -f" but with the ability to /-search and highlight things such as
> "Deny" as they scroll by. One day I'll figure out how to wrap the search
> for "Deny" in that command line. Initial 5 minute effort failed way back
> when. I use it in an alias:
> 
> alias security less +F /var/log/security
> 
> For less, I find this useful in ~/.cshrc:
> 
> if ( -x /usr/bin/less ) then
>         setenv  PAGER   /usr/bin/less
> else if ( -x /usr/local/bin/less ) then
>         setenv  PAGER   /usr/local/bin/less
> endif
> setenv  LESS    '-aisMj5'

Very cool.  I like it.  I'm gonna snarf that right now :)
 
> The options to less highlight search hits, first hit on line 5 of the
> screen, and multiple blank lines are collapsed into one making man pages
> easier to read on screen.

Nice.  One thing to be aware of though is that this causes the first
page (if there are more than one, anyway) to be passed right over.  I
backed up to the first page to find that there were several hits there
that were highlighted as they were scrolled up.  No biggie, though.
I'll have to play with that less +F deal.  I can't tell just how it
works.  I'll study that on a 'higher traffic' logfile.

Thanks!  I think I've learned more on this list in the last 2 months
than on any other!

Lou
-- 
Louis LeBlanc       leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://acadia.ne.mediaone.net                 ԿԬ

brokee, n:
  Someone who buys stocks on the advice of a broker.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011011130000.C3862>