Date: Thu, 11 Oct 2001 13:00:00 -0400
From: Louis LeBlanc <leblanc+freebsd@smtp.ne.mediaone.net>
To: freebsd-questions@FreeBSD.org, freebsd-questions@FreeBSD.org
Subject: Re: IPFW, natd, and one big headache
Message-ID: <20011011130000.C3862@acadia.ne.mediaone.net>
In-Reply-To: <20011011083853.A1363@grumpy.dyndns.org>
References: <leblanc%2Bfreebsd@smtp.ne.mediaone.net> <20011010212942.A1037@acadia.ne.mediaone.net> <200110110210.f9B2Atw99386@grumpy.dyndns.org> <20011010225621.B1037@acadia.ne.mediaone.net> <20011011083853.A1363@grumpy.dyndns.org>

On 10/11/01 08:38 AM, David Kelly sat at the `puter and typed:
> On Wed, Oct 10, 2001 at 10:56:21PM -0400, Louis LeBlanc wrote:
> >
> > > No need to reboot to debug your firewall and dhclient. Simply kill
> > > dhclient and start it again with "dhclient xl0"
> >
> > How will this affect natd if it is running?
>
> Doesn't affect natd at all unless you delete your divert rule. You can
> kill and restart natd if you would like but any established link would
> be lost.

Understood. This has helped a lot. Thanks.

> Meanwhile you are simply inserting and deleting one ipfw rule at a time
> from the keyboard without resetting the entire firewall with a flush? Or
> re-running your firewall rules script? Right? That's something I meant
> to be saying in the previous message but might not have been clear.
> Something like this:
>
>   grumpy: [1005] ipfw add 1590 deny tcp from any to any 113 in recv fxp0
>   01590 deny tcp from any to any 113 in recv fxp0
>   grumpy: [1006] ipfw delete 1590
>   grumpy: [1007]
>
> And finally (maybe?) I like to use this in an xterm while playing with
> the firewall, "less +F /var/log/security", which is much the same as
> "tail -f" but with the ability to /-search and highlight things such as
> "Deny" as they scroll by. One day I'll figure out how to wrap the search
> for "Deny" in that command line. Initial 5 minute effort failed way back
> when. I use it in an alias:
>
>   alias security less +F /var/log/security
>
> For less, I find this useful in ~/.cshrc:
>
>   if ( -x /usr/bin/less ) then
>       setenv PAGER /usr/bin/less
>   else if ( -x /usr/local/bin/less ) then
>       setenv PAGER /usr/local/bin/less
>   endif
>   setenv LESS '-aisMj5'

Very cool. I like it. I'm gonna snarf that right now :)

> The options to less highlight search hits, first hit on line 5 of the
> screen, and multiple blank lines are collapsed into one making man pages
> easier to read on screen.

Nice.

One thing to be aware of though is that this causes the first page (if there is more than one, anyway) to be passed right over. I backed up to the first page to find that there were several hits there that were highlighted as they were scrolled up. No biggie, though.

I'll have to play with that less +F deal. I can't tell just how it works. I'll study that on a 'higher traffic' logfile.

Thanks! I think I've learned more on this list in the last 2 months than on any other!

Lou
--
Louis LeBlanc       leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://acadia.ne.mediaone.net

brokee, n:
  Someone who buys stocks on the advice of a broker.
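An added example, not part of the original message or of either poster's setup: a POSIX sh helper that counts "Deny" lines in the ipfw log per rule number, so that after adding a temporary rule such as 1590 from the keyboard you can confirm it is the rule doing the dropping. The log lines are constructed, the function names are hypothetical, and the field layout is an assumption about how ipfw writes to /var/log/security.

```shell
#!/bin/sh
# Constructed sample lines; assumed layout after the syslog prefix:
#   ipfw: RULE ACTION PROTO SRC DST DIRECTION via IFACE
sample_log() {
cat <<'EOF'
Oct 11 12:00:01 grumpy /kernel: ipfw: 1590 Deny TCP 203.0.113.7:4021 192.0.2.10:113 in via fxp0
Oct 11 12:00:04 grumpy /kernel: ipfw: 1590 Deny TCP 203.0.113.7:4022 192.0.2.10:113 in via fxp0
Oct 11 12:00:09 grumpy /kernel: ipfw: 65000 Deny UDP 198.51.100.3:137 192.0.2.10:137 in via fxp0
Oct 11 12:00:12 grumpy /kernel: ipfw: 1200 Accept TCP 192.0.2.10:1025 203.0.113.9:80 out via fxp0
Oct 11 12:00:15 grumpy /kernel: ipfw: 1590 Deny TCP 198.51.100.8:3310 192.0.2.10:113 in via fxp0
EOF
}

# Count Deny hits per (rule, protocol, destination port, interface).
# Reads log text on stdin; prints "count rule proto dport iface", busiest first.
deny_summary() {
    awk '
    {
        # Find the "ipfw:" tag so the width of the syslog prefix does not matter.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF || $(i + 2) != "Deny") next
        rule = $(i + 1); proto = $(i + 3); dst = $(i + 5)
        n = split(dst, part, ":")
        dport = (n > 1) ? part[n] : "-"   # destination without a port
        hits[rule " " proto " " dport " " $NF]++
    }
    END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2,2n
}

# Total Deny hits for one rule number, e.g. the temporary rule 1590.
rule_hits() {
    deny_summary | awk -v r="$1" '$2 == r { n += $1 } END { print n + 0 }'
}

sample_log | deny_summary
```

On a live system the same functions read the real file, for example `deny_summary < /var/log/security`.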