From owner-freebsd-hackers Mon Sep 16 23:48:45 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id XAA14612 for hackers-outgoing; Mon, 16 Sep 1996 23:48:45 -0700 (PDT)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA14606 for ; Mon, 16 Sep 1996 23:48:40 -0700 (PDT)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.5/8.7.3) id QAA01858; Tue, 17 Sep 1996 16:48:36 +1000 (EST)
Date: Tue, 17 Sep 1996 16:48:34 +1000 (EST)
From: "Daniel O'Callaghan"
To: freebsd-hackers@freebsd.org
Subject: IPFW sysconfig and netstart niceties
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Perhaps some committer who thinks that too many people are tripping over the "IPFW Policy Deny" would like to review the diffs to sysconfig and netstat below. It's only cosmetic, but appearances do count.

Thanks,

Danny

*** sysconfig.orig Tue Sep 17 16:10:12 1996 --- sysconfig Tue Sep 17 16:10:02 1996 *************** *** 196,201 **** --- 196,202 ---- gateway=YES # If you want this host to be a firewall or otherwise filter IP, set to YES. + # If you wish to turn off filtering in the kernel, set to OFF. firewall=NO # Set to YES if you wish to check quotas. ----- *** netstart.orig Tue Sep 17 14:42:40 1996 --- netstart Tue Sep 17 16:08:22 1996 *************** *** 24,31 **** fi # If IP filtering ! if [ -n "$firewall" -a "x$firewall" != "xNO" -a -f /etc/rc.firewall ] ; then sh /etc/rc.firewall fi # --- 24,49 ---- fi # If IP filtering ! /sbin/ipfw flush > /dev/null 2>&1 ! ! if [ $? = 0 ] ; then ! # IPFIREWALL is in kernel ! if [ "x$firewall" = "xYES" -a -f /etc/rc.firewall ] ; then sh /etc/rc.firewall + else + if [ "x$firewall" = "xOFF" ] ; then + /sbin/ipfw add 65000 pass all from any to any + else + echo "Warning: ipfw in kernel not configured - all IP is blocked." 
+ echo " Please read /etc/sysconfig and /etc/rc.firewall" + fi + fi + else + # IPFIREWALL is not in kernel + if [ "x$firewall" = "xYES" ] ; then + echo "Warning: ipfirewall not in kernel - IP filtering is not available." + fi + fi #
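
Review bot: the comment line added to sysconfig introduces OFF without saying what it actually does. Per the netstart change, OFF does not take filtering out of the kernel; it installs rule 65000 `pass all from any to any`, so the host accepts everything, while NO on a kernel with IPFIREWALL now leaves all IP blocked and prints a warning. Suggest documenting all three values here (YES runs /etc/rc.firewall, OFF installs a pass-all rule, NO loads no rules) so that someone editing this file can see the difference between NO and OFF before rebooting.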
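
Review bot: the probe at the top of the new netstart block, `/sbin/ipfw flush > /dev/null 2>&1`, is destructive and its exit status is over-interpreted. It runs whatever $firewall is set to, so rerunning netstart wipes any loaded rules even with firewall=NO, and any non-zero exit (a missing /sbin/ipfw binary, for instance) is treated as "IPFIREWALL is not in kernel" with the real error discarded. Consider probing with a read-only ipfw command and flushing only inside the YES and OFF branches. Separately, the OFF branch opens the host with rule 65000 without printing anything; an echo there, in line with the warnings in the other branches, would make the fail-open state visible at boot.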