From: Dag-Erling Smorgrav
To: Adam David
Cc: ru@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG
Subject: Re: kern/3244: ipfw flush closes connections
Date: 13 Jun 1999 22:41:36 +0200
References: <199906132000.UAA15624@veda.is>
In-Reply-To: Adam David's message of "Sun, 13 Jun 1999 20:00:57 +0000 (GMT)"

Adam David writes:
> > # sh /etc/firewall >ipfw.out 2>&1
> >
> > or
> >
> > # (sh /etc/firewall &)
>
> I think the latter works, and there was once a time when it did not.

It's a question of timing. What happens when you press enter is that
your shell parses the command and forks a subshell (because of the
parentheses). The subshell fork/execs /bin/sh, then exits. The parent
shell (which was waiting for the subshell to terminate) prints out a
new prompt. If you're out of luck, by the time your shell prints the
new prompt, /bin/sh has already run 'ipfw -q flush', the firewall is
temporarily impregnable, telnetd / sshd gets an EPERM or EACCES and
shuts down the connection.

Of course, if your firewall script produces output, the exact same
problem is triggered by that output. You can fix that by redirecting
the output. You can fix the trickier problem of the prompt by adding a
delay to allow the shell to display its prompt before the firewall
script runs:

    # (sleep 2 && sh /etc/firewall&)&

Running the script in the background in a subshell should disown it
(i.e. dissociate it from the parent shell so it's not killed when the
parent shell dies), so even if you lose your connection, the script
will run to completion (assuming there are no errors in it), and you
should be able to reconnect once the rules to let you in are
installed. This *may* vary from shell to shell; I use zsh.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no
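
An added example, not part of the original message: the two fixes described above (redirecting the script's output and delaying its start until the prompt has been printed) combined in one POSIX sh helper that also checks its inputs before anything is flushed. The function name run_detached and the log path in the usage comment are assumptions; /etc/firewall is the script path from the thread.

```shell
#!/bin/sh
# Added example (not from the original message). run_detached is a
# hypothetical helper name; /etc/firewall is the script path from the thread.

# run_detached DELAY SCRIPT LOG
#   Start SCRIPT after DELAY seconds, detached from the calling shell, with
#   nothing written to the caller's terminal (and so nothing sent over the
#   telnet/ssh connection while the rule set is empty).
run_detached() {
    rd_delay=$1 rd_script=$2 rd_log=$3
    # Fail now, while the connection still works, not after the flush.
    [ -r "$rd_script" ] || { echo "cannot read $rd_script" >&2; return 1; }
    : >"$rd_log" || return 1
    # ( ... & )  the subshell backgrounds the job and exits at once, so the
    #            job never enters the login shell's job table.
    # </dev/null >>log 2>&1  the job holds no descriptor on the terminal.
    # sleep      gives the login shell time to print its prompt first.
    ( { sleep "$rd_delay" && sh "$rd_script"; } </dev/null >>"$rd_log" 2>&1 & )
}

# Typical use from the remote session (log path is an assumption):
#   run_detached 2 /etc/firewall /var/log/firewall-reload.log
```

After reconnecting, the log file shows whatever the rules script printed, including any error that stopped it part-way.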