Date: Sat, 29 Dec 2001 14:07:51 -0600 (CST)
From: Nick Rogness
To: Joe & Fhe Barbish
Cc: FBSD Questions
Subject: Re: ipfw commands

On Sat, 29 Dec 2001, Joe & Fhe Barbish wrote:

> I created a file containing my add statements. What is the ipfw command
> to load this file after ipfw has been started at boot up?

    # ipfw rules.filename

Or if you want them to load on system startup, you would add the following in /etc/rc.conf:

    firewall_type="rules.filename"

> The FBSD handbook says that you can tell ipfw to create a rules file
> from its internal table using the ipfw list command. What is the
> format of the ipfw command to generate the rules file?

You are probably referring to:

    # ipfw list > rules.filename

But that won't generate a useful rules file, because you are missing the "add" statement before each line. The lines in rules.filename should look like:

    add 1000 allow ip from any to any via ed0
    add 1200 allow tcp from any to any 80

> Why does the output from the ipfw list command look different from
> what the rules look like going in?

As stated above, you are missing the "add" option at the beginning of the line.

> Is there some option to get the list rules command to list the rules
> like they were entered?

Not that I am aware of.
You could still use `ipfw list > rules.filename` and edit the rules.filename when it is done and enter the needed "add" option at the beginning of each line.

> I do not have line numbers on my add rule statement.
> The rules seem to work correctly.
> Are the line numbers necessary?

No. It will add them one after the other.

> Are there any commonly used ipfw command options that you think I would
> benefit knowing of?

See the man page for ipfw for more useful output. I frequently use:

    ipfw -a l

Nick Rogness
- Don't mind me...I'm just sniffing your packets
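
The manual edit described in the message above (putting "add" in front of each line of `ipfw list` output) can be scripted. The following is an added example, not part of the original message; it goes slightly further by also dropping the counters that `ipfw -a l` prints and skipping the built-in default rule 65535. The function names `ipfw_list_to_rules` and `sample_listing` are hypothetical, and the listing is constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original message.
# Reads `ipfw list` (or `ipfw -a list`) output on stdin and writes lines in
# the "add <number> <rule>" form that a rules file needs.
ipfw_list_to_rules() {
    awk '
        # Ignore anything that does not start with a rule number.
        $1 !~ /^[0-9]+$/ { next }
        # 65535 is the always-present default rule; do not re-add it.
        $1 + 0 == 65535 { next }
        {
            first = 2
            # `ipfw -a list` puts packet and byte counters after the number;
            # a plain listing has the action word there instead.
            if ($2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/) first = 4
            line = "add " ($1 + 0)      # drop zero padding: 01000 -> 1000
            for (i = first; i <= NF; i++) line = line " " $i
            print line
        }
    '
}

# Constructed sample input in the shape of `ipfw -a list` output.
sample_listing() {
    cat <<'EOF'
01000  120  9640 allow ip from any to any via ed0
01200    4   240 allow tcp from any to any 80
65535    0     0 deny ip from any to any
EOF
}

# Demo: print the converted rules for the constructed sample.
sample_listing | ipfw_list_to_rules
```

On a live system the function would be fed from the real listing, as in `ipfw list | ipfw_list_to_rules > rules.filename`; review the generated file before loading it.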