From: Chip
Date: Fri, 24 Oct 2003 23:28:26 -0700
To: freebsd-questions@freebsd.org
Subject: firewall problem - doesn't seem to be getting read
Message-ID: <3F9A180A.1030901@wiegand.org>

I have an old machine running FBSD-4.0 using ipfw. It's been working as is for a few years, but I decided to look it over and make some adjustments. I noticed what appears to be a problem - even though rc.conf calls for firewall_type=client, when I run ipfw show I get only lines -
the divert 8668 line for nat
allow ip from any to any
deny ip from any to any

The rc.conf calls firewall_script=/etc/rc.firewall which is the standard that comes installed in FBSD. I have changed the line firewall_type to open and simple and they both result in the same ipfw show response. My kernel is compiled without ipfirewall_default_accept, so it should default to deny.

I know the machine needs to be upgraded but it has been working fine for years. I was looking into blocking instant messaging occasionally so my son can concentrate on his homework, and somehow speed up my peer to peer connections which appear to rely on udp. Anyway, any idea what might be wrong with my setup, it not reading the rc.firewall script?

--
chip