Date:      Mon, 15 Nov 2010 11:03:35 -0800
From:      Chuck Swiger <cswiger@mac.com>
To:        Dave Robison <daver@vicor.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: IPFW at startup.
Message-ID:  <1BC2A5B3-529A-41B1-B3A8-E0A046012002@mac.com>
In-Reply-To: <4CE18179.5040706@vicor.com>
References:  <F0EC6A6EA8D7458ABBA85A01BA2EE4EE@GRANTLAPTOP> <4CE18179.5040706@vicor.com>

Hi--

On Nov 15, 2010, at 10:52 AM, Dave Robison wrote:
> I haven't seen someone use "firewall_type" as a path to the config file. If you check the default rc.firewall file, you will see several types of default firewall settings, such as "open" and "closed". You want to set "firewall_type" in rc.conf to be "open" or whatever your firewall type is in /etc/rc.firewall.

If you set both of these in /etc/rc.conf:

firewall_type="/etc/FW1.ipfw"
firewall_flags="-p cpp"

...then /etc/FW1_firewall will be processed by cpp (i.e., so you can use #include directives, C-style macros, etc.) before going to IPFW.

This is probably more obscure than useful for human-edited rulesets :-), but for automated processing and accumulating lists of bad hosts via denyhosts or similar, it can be useful...

Regards,
-- 
-Chuck
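
Added example, not part of the original message: one way to produce the machine-generated bad-host list mentioned above so that the cpp-processed ruleset can pull it in with #include. The function names, table number 1 and the path /etc/badhosts.ipfw are assumptions; every input line is validated as an IPv4 address so that log-derived data cannot carry cpp directives or extra ipfw commands into the ruleset.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed names: is_ipv4,
# gen_badhosts, table number 1, /etc/badhosts.ipfw (hypothetical path).
#
# The cpp-processed ruleset would pull the generated file in like this:
#   #include "/etc/badhosts.ipfw"
#   add 200 deny ip from table(1) to any

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_badhosts [TABLE]: read one host per line on stdin, write "table N add"
# lines on stdout. Anything that is not a plain IPv4 address is dropped, so a
# line such as a cpp directive or a stray ipfw command never reaches the file.
gen_badhosts() {
    table=${1:-1}
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        if is_ipv4 "$line"; then
            printf 'table %s add %s\n' "$table" "$line"
        else
            printf 'skipped invalid entry\n' >&2
        fi
    done
}

# Constructed sample input: two valid hosts, a cpp directive, a bad octet.
printf '%s\n' 192.0.2.10 '#include "other"' 203.0.113.300 203.0.113.5 |
    gen_badhosts 1
```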
