Date: Mon, 23 Jun 2003 18:47:04 -0400 (EDT)
From: Matthew George <mdg@secureworks.net>
To: Michael Collette <metrol@metrol.net>
Cc: FreeBSD Security <FreeBSD-Security@FreeBSD.org>
Subject: Re: IPFW: combining "divert natd" with "keep-state"
Message-ID: <20030623184332.U13040@localhost>
In-Reply-To: <200306201219.14573.metrol@metrol.net>
References: <200306201219.14573.metrol@metrol.net>

On Fri, 20 Jun 2003, Michael Collette wrote:

> BTW, is there a way to give certain IPs permissions to reloading IPFW's
> rules?
> There's some stuff I'd like to be able to admin remotely. Darn box won't let
> me reload rules, but it will let me reboot. I've done this quite a bit in
> the past to force new rules to load. I was rather hoping there was a more
> elegant solution to this.
>
> Later on,
>

if you have 'flush' at the top of your ruleset, you can (sometimes) get
away with an `ipfw -q`. I find screen windows (ports/misc/screen) to be
most effective, though ... even if the connection dies, the screen will
detach and continue processing the rules file.

--
Matthew George
SecureWorks Technical Operations
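
The two suggestions in the reply above, combined into one pre-flight check and detached reload. This is an added example, not part of the original message; the function names, the session name `ipfw-reload` and the accepted spellings of the flush line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumes the rules file is in the form ipfw reads from a pathname
# (one command per line, no leading "ipfw") and that screen is installed.

# Print the first line that is neither blank nor a comment, with
# whitespace collapsed and trimmed.
first_command() {
    sed -e 's/#.*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1" | head -n 1
}

# Succeed only if the ruleset begins by flushing the old rules, so the
# flush and the new rules are processed by the same ipfw invocation.
starts_with_flush() {
    case "$(first_command "$1")" in
        flush|"-f flush"|"-q flush") return 0 ;;
        *) return 1 ;;
    esac
}

# Reload inside a detached screen session so a dropped connection does
# not interrupt processing of the file. ipfw wants an absolute pathname,
# and -q keeps flush from prompting or writing to a dead terminal.
reload_detached() {
    rules=$1
    case "$rules" in
        /*) ;;
        *) echo "rules path must be absolute: $rules" >&2; return 2 ;;
    esac
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 2; }
    starts_with_flush "$rules" || {
        echo "$rules does not begin with flush" >&2
        return 1
    }
    screen -dmS ipfw-reload ipfw -q "$rules"
}
```

Call it as `reload_detached /etc/ipfw.rules` (path is a placeholder); it refuses to start the reload when the file would add rules on top of the running set instead of replacing it.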