From: Giorgos Keramidas
To: Nathan Mace
Cc: freebsd-questions@FreeBSD.ORG
Date: Thu, 4 Oct 2001 15:46:57 +0300
Subject: Re: more rc.conf troubles

Nathan Mace wrote:
> ok i changed my /etc/rc.conf file to point at the ipfw.rules file...

There are two ways to point to a rules file.

a) either set firewall_type to the path of your rules file, in which case the rules in that file should be commands that ipfw can understand, like:

    add 100 allow ip from any to any

   this will be used by rc.firewall in a command similar to:

    ${fwcmd} -f ${firewall_type}

   and ${fwcmd} which is set to ipfw will load the proper firewall rules by reading that file, or, if you want to make a custom `shell script' that works like rc.firewall ..

b) set firewall_script to point to a *shell* script that will be executed by /bin/sh to load the firewall. Since the shell knows nothing about firewalls, all the commands that are in that file should include `ipfw' or ${fwcmd} in front of them, depending on how you write it. An example of such a script that does exactly the same thing as the rules file shown above could be:

    fwcmd="ipfw -q"
    ${fwcmd} add 100 allow ip from any to any

But let us see what you have in *your* files now. In your rc.conf you have used:

    firewall_enable="YES"
    firewall_script="/root/ipfw.rules"
    firewall_logging_enable="YES"

This will be used by /etc/rc.network to execute the command:

    . "${firewall_script}"

and /bin/sh (which executes stuff passed to the . command) will read through your /root/ipfw.rules file commands like the following (quoting from your ipfw.rules file):

    65534 allow ip from any to any

Then, /bin/sh will try to execute the command 65534 which of course does not exist. Hence the strange messages you are seeing.

To correct this, either change your rc.conf to use:

    firewall_script="/etc/rc.firewall"
    firewall_type="/root/ipfw.rules"

or, edit /root/ipfw.rules and make it a real shell script, like:

    ipfw add 65534 allow ip from any to any

Which of these two options you will decide to use is probably a matter of personal preference and taste. Both ways will fix things that are now broken.

-giorgos
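
The mismatch described in the message above can be caught before a reboot leaves the firewall unloaded. The following is an added example, not part of the original message or of FreeBSD's rc scripts: the function names classify_fw_file and check_fw_setting are hypothetical, the line-classification heuristic is an assumption, and the sample files are constructed.

```shell
#!/bin/sh
# Print "rules" if FILE holds bare ipfw arguments, "script" if it holds
# shell commands, "mixed" if both, "empty" if neither (heuristic, assumed).
classify_fw_file() {
    awk '
        /^[ \t]*(#|$)/ { next }     # ignore comments and blank lines
        # Bare ipfw arguments: a subcommand or rule number with no "ipfw" in front.
        /^[ \t]*(add|delete|flush|zero|pipe|queue|[0-9]+)([ \t]|$)/ { rules++; next }
        { script++ }                # anything else is treated as shell
        END {
            if (rules && script) print "mixed"
            else if (rules)      print "rules"
            else if (script)     print "script"
            else                 print "empty"
        }' "$1"
}

# check_fw_setting VAR FILE: VAR is firewall_type or firewall_script.
# Returns 0 when the file content suits the variable, 1 otherwise.
check_fw_setting() {
    var=$1 file=$2
    kind=$(classify_fw_file "$file")
    case "$var:$kind" in
        firewall_type:rules|firewall_script:script)
            echo "ok: $var=$file ($kind)"; return 0 ;;
        firewall_script:rules)
            echo "mismatch: $file holds bare rules; /bin/sh would run each one as a command"
            return 1 ;;
        firewall_type:script)
            echo "mismatch: $file is a shell script; ipfw would be handed shell syntax"
            return 1 ;;
        *)
            echo "unclear: $var=$file classified as $kind"; return 1 ;;
    esac
}

# Constructed sample files mirroring the two cases in the message.
tmp=$(mktemp -d)
printf '65534 allow ip from any to any\n' > "$tmp/ipfw.rules"
printf 'fwcmd="ipfw -q"\n${fwcmd} add 100 allow ip from any to any\n' > "$tmp/fw.sh"
check_fw_setting firewall_script "$tmp/ipfw.rules" || true   # the broken setup
check_fw_setting firewall_type   "$tmp/ipfw.rules" || true   # rules file via firewall_type
check_fw_setting firewall_script "$tmp/fw.sh"      || true   # real shell script
rm -rf "$tmp"
```
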