Date:      Sun, 15 Jun 2003 08:01:16 -0600
From:      BSDC <bsdc@xtremedev.com>
To:        Andre Guibert de Bruet <andy@siliconlandmark.com>
Cc:        Kris Kennaway <kris@obsecurity.org>
Subject:   Re: rc.firewall not executed?
Message-ID:  <20030615140116.GA72031@Amber.XtremeDev.com>
In-Reply-To: <20030615093433.Q31662@alpha.siliconlandmark.com>
References:  <20030614074457.GA28169@rot13.obsecurity.org> <20030615093433.Q31662@alpha.siliconlandmark.com>

On Sun, Jun 15, 2003 at 09:36:23AM -0400, Andre Guibert de Bruet wrote:
> 
> On Sat, 14 Jun 2003, Kris Kennaway wrote:
> 
> > I just noticed that my ipfw rules were not loaded the last time I
> > rebooted.  My rc.conf is included below - has something changed
> > recently so that these settings are not enough?  I didn't see anything
> > relevant in UPDATING.  My /etc/firewall.conf exists and is readable
> > (and unchanged since 2002).
> >
> > Kris
> >
> > ----
> > # $FreeBSD: src/etc/defaults/rc.conf,v 1.156 2002/08/30 13:01:42 hm Exp $
> > hostname="citusc17.usc.edu"     # Set this!
> > nisdomainname="cituscdomain"    # Set to NIS domain if using NIS (or NO).
> > firewall_enable="YES"           # Set to YES to enable firewall functionality
> > firewall_type="/etc/firewall.conf"      # Firewall type (see /etc/rc.firewall)
>                  ^^^^^^^^^^^^^^^^^^
> This is wrong. Set it to "UNKNOWN". There's firewall_script for that.

It is not incorrect. See rc.firewall. By providing a filename for the
firewall_type, rc.firewall will instead load the ipfw rules from the
given filename.

From rc.firewall:
# Define the firewall type in /etc/rc.conf.  Valid values are:
#   open     - will allow anyone in
#   client   - will try to protect just this machine
#   simple   - will try to protect a whole network
#   closed   - totally disables IP services except via lo0 interface
#   UNKNOWN  - disables the loading of firewall rules.
#   filename - will load the rules in the given filename (full path
#   required)

However, I unfortunately do not have an answer for Kris as to why the
rules aren't loading anymore.
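The rc.firewall comment quoted above describes a dispatch on firewall_type: four keywords select a built-in rule set, UNKNOWN loads nothing, and anything else is treated as the full path of an ipfw rules file. The script below is an added example for this thread, not the thread's own code and not FreeBSD's rc.firewall; it mimics that dispatch so the value in an rc.conf can be checked before a reboot, and it flags the two ways a filename value silently yields a host with no rules: a relative path, or a file that is not readable. The function names (classify_firewall_type, plan_from_rc_conf, demo) are this example's own, and the rc.conf parsing is a sed approximation rather than the real sourcing that /etc/rc does.

```shell
#!/bin/sh
# Added example; not from the thread and not FreeBSD's rc.firewall itself.
# It mirrors the behaviour the rc.firewall header comment describes:
#   open/client/simple/closed  -> a built-in rule set
#   UNKNOWN                    -> no rules loaded
#   anything else              -> full path of a file of ipfw rules
# Function names are assumptions made for this example.

# classify_firewall_type VALUE
# Prints one of: open | client | simple | closed | none | file | error
# rc.firewall matches the keywords case-insensitively with patterns such
# as [Oo][Pp][Ee][Nn]; the same style is used here.
classify_firewall_type() {
    _type=$1
    case "$_type" in
    '')                           echo error; return 1 ;;
    [Oo][Pp][Ee][Nn])             echo open ;;
    [Cc][Ll][Ii][Ee][Nn][Tt])     echo client ;;
    [Ss][Ii][Mm][Pp][Ll][Ee])     echo simple ;;
    [Cc][Ll][Oo][Ss][Ee][Dd])     echo closed ;;
    [Uu][Nn][Kk][Nn][Oo][Ww][Nn]) echo none ;;
    /*)
        # Filename case: "full path required", and the file must be
        # readable, otherwise nothing is loaded and the host boots open.
        if [ -r "$_type" ]; then
            echo file
        else
            echo error; return 1
        fi ;;
    *)
        # A relative path would not be found by rc.firewall at boot.
        echo error; return 1 ;;
    esac
}

# plan_from_rc_conf RC_CONF_PATH
# Reports what the firewall_* settings in the file would do at boot:
#   disabled       firewall_enable is not YES, rc.firewall never runs
#   none           UNKNOWN: rc.firewall runs but loads no rules
#   rules:<set>    a built-in rule set would be loaded
#   file:<path>    the rules in <path> would be loaded
#   error:<value>  the value selects nothing, the box ends up without rules
plan_from_rc_conf() {
    _conf=$1
    # Last assignment wins, as it does when the shell sources the file.
    _enable=$(sed -n 's/^firewall_enable="\([^"]*\)".*/\1/p' "$_conf" | tail -n 1)
    _type=$(sed -n 's/^firewall_type="\([^"]*\)".*/\1/p' "$_conf" | tail -n 1)
    case "$_enable" in
    [Yy][Ee][Ss]) ;;
    *) echo disabled; return 0 ;;
    esac
    _class=$(classify_firewall_type "$_type") || { echo "error:$_type"; return 1; }
    case "$_class" in
    none) echo none ;;
    file) echo "file:$_type" ;;
    *)    echo "rules:$_class" ;;
    esac
}

# Constructed sample: the two firewall_* lines from the rc.conf in the
# thread, with a temporary file standing in for /etc/firewall.conf.
demo() {
    _rules=$(mktemp) && _conf=$(mktemp) || return 1
    printf 'add 65000 deny ip from any to any\n' > "$_rules"
    printf 'firewall_enable="YES"\nfirewall_type="%s"\n' "$_rules" > "$_conf"
    plan_from_rc_conf "$_conf"           # prints file:<path of the temp rules file>
    printf 'firewall_type="UNKNOWN"\n' >> "$_conf"
    plan_from_rc_conf "$_conf"           # prints none
    rm -f "$_rules" "$_conf"
}
```

Running `demo` shows the filename case resolving to the rules file and then UNKNOWN overriding it, since a later assignment in rc.conf wins. The useful check for the situation in the thread is the `error:` verdict: a firewall_type that is not a keyword and not a readable absolute path leaves ipfw with nothing loaded, which is worth catching before the reboot rather than after.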
