From owner-freebsd-isp Tue Feb 11 15:47:40 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BD5D137B405 for ; Tue, 11 Feb 2003 15:47:38 -0800 (PST) Received: from fw.mccons.net (adsl-65-64-105-41.dsl.kscymo.swbell.net [65.64.105.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4C9A543FF2 for ; Tue, 11 Feb 2003 15:47:37 -0800 (PST) (envelope-from root@mccons.net) Received: from fw.mccons.net (localhost [127.0.0.1]) by fw.mccons.net (8.12.6/8.12.6) with ESMTP id h1BNlYB5011626; Tue, 11 Feb 2003 17:47:34 -0600 (CST) (envelope-from root@mccons.net) Received: from localhost (root@localhost) by fw.mccons.net (8.12.6/8.12.6/Submit) with ESMTP id h1BNlQcx011619; Tue, 11 Feb 2003 17:47:34 -0600 (CST) Date: Tue, 11 Feb 2003 17:47:26 -0600 (CST) From: Wm Brian McCane To: Jez Hancock Cc: FreeBSD ISP List , Chuck Swiger Subject: Re: Local package initialization In-Reply-To: <20030210125901.GC45355@users.munk.nu> Message-ID: <20030211174529.L11540-100000@fw.mccons.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-milter (http://amavis.org/) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Personally, I would feed your stats into cricket so you could have pretty pictures :). But, if ipfw does something, as mine does, and if you boot your firewall in closed mode, as I do, everything that needs the firewall to be open fails. This can take a little while to figure out when you are dinking around at 3am ;) - brian On Mon, 10 Feb 2003, Jez Hancock wrote: > Hi Chuck, > > On Sun, Feb 09, 2003 at 04:18:08PM -0500, Chuck Swiger wrote: > > Jez Hancock wrote: > > [ ... ] > > >As an example, if the files in /usr/local/etc/rc.d dir looks like this: > > > > > >-rwxr-x--- 1 root wheel 181 Dec 23 22:05 000.mysql-client.sh* > > >-r-xr-xr-x 1 root wheel 248 Dec 14 09:26 000.pkgtools.sh* > > >-r-xr-xr-x 1 root wheel 307 Jan 19 16:32 100.apache.sh* > > >-rwxr-x--x 1 root wheel 316 Nov 11 01:19 200.idled.sh* > > >-rwxr-x--- 1 root wheel 181 Dec 23 22:05 300.mysql.sh* > > >-rwxr-xr-x 1 root wheel 1742 Jan 14 18:03 999.ipfw.sh* > > > > > >Then the scripts will be run in the order: > > > > > >mysql-client > > >pkgtools > > >apache > > >idled > > >ipfw > > > > Note that the above ordering leaves a window of vulnerability after a > > system reboot, where the firewall rules are not yet in place. It's > > safer to start up the firewall first, and then everything else. > The ipfw script only counts user traffic for stats - you can > see the results here: > > http://ipfwstats.munk.nu > > keep meaning to make that frontend look nicer so I can package it up > and maybe have it added to the ports eventually. > > For pass/block packet filtering I use ipf (which loads up prior to the local > packages). > > Cheers, > > Jez > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > +-----------------------------------+------------------------------------------+ He rides a cycle of mighty days, and \ Wm Brian and Lori McCane represents the last great schizm among\ McCane Consulting the gods. Evil though he obviously is, \ root@mccons.net he is a mighty figure, this father of \ http://freenews.maxbaud.net/ my spirit, and I respect him as the sons \ http://www.sellit-here.com/ of old did the fathers of their bodies. \ http://recall.maxbaud.net/ Roger Zelazny - "Lord of Light" \ http://www.mccons.net/ +-------------------------------------------+----------------------------------+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message