Date: Thu, 4 Oct 2001 15:46:57 +0300
From: Giorgos Keramidas <charon@labs.gr>
To: Nathan Mace <nmace85@yahoo.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: more rc.conf troubles
Message-ID: <20011004154657.C41705@hades.hell.gr>
In-Reply-To: <20011004004032.501488e2.nmace85@yahoo.com>
References: <20011003204158.3b538dfd.nmace85@yahoo.com> <003501c14c6d$2919fdc0$14ce21c7@avatar.com> <20011003214710.318de708.nmace85@yahoo.com> <20011003205355.L8391@blossom.cjclark.org> <20011004004032.501488e2.nmace85@yahoo.com>

Nathan Mace <nmace85@yahoo.com> wrote:
> ok i changed my /etc/rc.conf file to point at the ipfw.rules file...

There are two ways to point to a rules file.

a) either set firewall_type to the path of your rules file, in which
   case the rules in that file should be commands that ipfw can
   understand, like:

	add 100 allow ip from any to any

   this will be used by rc.firewall in a command similar to:

	${fwcmd} -f ${firewall_type}

   and ${fwcmd} which is set to ipfw will load the proper firewall
   rules by reading that file,

or, if you want to make a custom `shell script' that works like
rc.firewall ..

b) set firewall_script to point to a *shell* script that will be
   executed by /bin/sh to load the firewall. Since the shell knows
   nothing about firewalls, all the commands that are in that file
   should include `ipfw' or ${fwcmd} in front of them, depending on
   how you write it. An example of such a script that does exactly
   the same thing as the rules file shown above could be:

	fwcmd="ipfw -q"
	${fwcmd} add 100 allow ip from any to any

But let us see what you have in *your* files now. In your rc.conf
you have used:

	firewall_enable="YES"
	firewall_script="/root/ipfw.rules"
	firewall_logging_enable="YES"

This will be used by /etc/rc.network to execute the command:

	. "${firewall_script}"

and /bin/sh (which executes stuff passed to the . command) will read
through your /root/ipfw.rules file commands like the following
(quoting from your ipfw.rules file):

	65534 allow ip from any to any

Then, /bin/sh will try to execute the command 65534 which of course
does not exist. Hence the strange messages you are seeing.

To correct this, either change your rc.conf to use:

	firewall_script="/etc/rc.firewall"
	firewall_type="/root/ipfw.rules"

or, edit /root/ipfw.rules and make it a real shell script, like:

	ipfw add 65534 allow ip from any to any

Which of these two options you will decide to use, is probably a
matter of personal preference and taste. Both ways will fix things
that are now broken.

-giorgos
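
An added example, not part of the original message: a small sh lint that reports which lines of a file would fail when the file is sourced the way rc.network sources firewall_script, as described above. The function name lint_firewall_script and both sample files are constructed for illustration, and the check is a line-based heuristic that only looks at the first word of each line.

```sh
#!/bin/sh
# lint_firewall_script FILE
# Models what ". FILE" does with each line: the first word is treated as a
# command. Lines that start with ipfw, a $variable such as ${fwcmd}, or an
# assignment are accepted; any other first word must be a command the shell
# can find. Prints one finding per bad line and returns 1 if any were found.
lint_firewall_script() {
    lineno=0 bad=0
    while read -r word rest || [ -n "$word" ]; do
        lineno=$((lineno + 1))
        case $word in
            ''|'#'*)      continue ;;   # blank line or comment
            ipfw|*/ipfw)  continue ;;   # explicit ipfw invocation
            '$'*)         continue ;;   # ${fwcmd} or $fwcmd prefix
            [A-Za-z_]*=*) continue ;;   # variable assignment, e.g. fwcmd="ipfw -q"
        esac
        if ! command -v "$word" >/dev/null 2>&1; then
            printf '%s:%d: /bin/sh would look for a command named %s\n' \
                "$1" "$lineno" "$word"
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# Constructed sample files (not taken from any real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/broken.rules" <<'EOF'
# ipfw rule syntax, not shell
65534 allow ip from any to any
EOF

cat > "$demo_dir/ok.sh" <<'EOF'
# a real shell script
fwcmd="ipfw -q"
${fwcmd} add 100 allow ip from any to any
ipfw add 65534 allow ip from any to any
EOF

lint_firewall_script "$demo_dir/broken.rules" ||
    echo "broken.rules: not a shell script, do not name it in firewall_script"
lint_firewall_script "$demo_dir/ok.sh" &&
    echo "ok.sh: every line starts with something /bin/sh can run"
```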