Date: Sun, 15 Jun 2003 08:01:16 -0600
From: BSDC
To: Andre Guibert de Bruet
Cc: current@freebsd.org, Kris Kennaway
Subject: Re: rc.firewall not executed?

On Sun, Jun 15, 2003 at 09:36:23AM -0400, Andre Guibert de Bruet wrote:
>
> On Sat, 14 Jun 2003, Kris Kennaway wrote:
>
> > I just noticed that my ipfw rules were not loaded the last time I
> > rebooted.  My rc.conf is included below - has something changed
> > recently so that these settings are not enough?  I didn't see anything
> > relevant in UPDATING.  My /etc/firewall.conf exists and is readable
> > (and unchanged since 2002).
> >
> > Kris
> >
> > ----
> > # $FreeBSD: src/etc/defaults/rc.conf,v 1.156 2002/08/30 13:01:42 hm Exp $
> > hostname="citusc17.usc.edu" # Set this!
> > nisdomainname="cituscdomain" # Set to NIS domain if using NIS (or NO).
> > firewall_enable="YES" # Set to YES to enable firewall functionality
> > firewall_type="/etc/firewall.conf" # Firewall type (see /etc/rc.firewall)
>                  ^^^^^^^^^^^^^^^^^^
> This is wrong. Set it to "UNKNOWN". There's firewall_script for that.

It is not incorrect.  See rc.firewall.  By providing a filename for the
firewall_type, rc.firewall will instead load the ipfw rules from the
given filename.

From rc.firewall:

# Define the firewall type in /etc/rc.conf.  Valid values are:
#   open     - will allow anyone in
#   client   - will try to protect just this machine
#   simple   - will try to protect a whole network
#   closed   - totally disables IP services except via lo0 interface
#   UNKNOWN  - disables the loading of firewall rules.
#   filename - will load the rules in the given filename (full path
#              required)

However, I unfortunately do not have an answer for Kris as to why the
rules aren't loading anymore.
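
Added example (not part of the original message and not code from rc.firewall): a read-only shell check that reports how a firewall_enable / firewall_type pair would be interpreted according to the comment block quoted above. The function name, the verdict strings, the case-insensitive keyword matching and the file checks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from rc.firewall. It models the firewall_type
# values listed in the quoted comment and only inspects settings; it never
# runs ipfw. Function name and verdict strings are hypothetical.

# classify_firewall_type ENABLE TYPE  -> prints one verdict line
classify_firewall_type() {
    fw_enable=$1
    fw_type=$2
    case "$fw_enable" in
        [Yy][Ee][Ss]) ;;
        *) echo "disabled: firewall_enable is not YES"; return 0 ;;
    esac
    case "$fw_type" in
        # Assumption: keywords are matched case-insensitively.
        [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]|[Ss][Ii][Mm][Pp][Ll][Ee]|[Cc][Ll][Oo][Ss][Ee][Dd])
            echo "builtin: $fw_type ruleset" ;;
        [Uu][Nn][Kk][Nn][Oo][Ww][Nn])
            echo "none: UNKNOWN disables the loading of firewall rules" ;;
        /*)
            # "filename" case: full path required, and the file must be usable.
            if [ ! -e "$fw_type" ]; then
                echo "file-missing: $fw_type"
            elif [ ! -f "$fw_type" ]; then
                echo "file-not-regular: $fw_type"
            elif [ ! -r "$fw_type" ]; then
                echo "file-unreadable: $fw_type"
            elif ! grep -Eqv '^[[:space:]]*(#|$)' "$fw_type"; then
                echo "file-empty: $fw_type has no rule lines"
            else
                echo "file-ok: rules would be loaded from $fw_type"
            fi ;;
        *)
            echo "relative-path: '$fw_type' is not a full path" ;;
    esac
}

# Constructed sample standing in for /etc/firewall.conf.
sample=$(mktemp)
printf '# constructed sample\nadd 100 allow ip from any to any via lo0\n' > "$sample"
classify_firewall_type YES "$sample"
classify_firewall_type YES UNKNOWN
classify_firewall_type YES firewall.conf
rm -f "$sample"
```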