From owner-freebsd-questions Tue Feb 8 17:17:50 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mx2.x-treme.gr (mx2.x-treme.gr [212.120.192.15]) by builder.freebsd.org (Postfix) with ESMTP id 3258044E8 for ; Tue, 8 Feb 2000 14:33:54 -0800 (PST)
Received: from hades.hell.gr (pat5.x-treme.gr [212.120.197.197]) by mx2.x-treme.gr (8.9.3/8.9.3/IPNG-ADV-ANTISPAM-0.1) with ESMTP id AAA18319; Wed, 9 Feb 2000 00:00:52 +0200
Received: by hades.hell.gr (Postfix, from userid 1001) id 7ADB268DA7; Tue, 8 Feb 2000 04:03:03 +0200 (EET)
Date: Tue, 8 Feb 2000 04:03:03 +0200
From: Giorgos Keramidas
To: Chip Wiegand
Cc: questions@freebsd.org
Subject: Re: rc.firewall problem
Message-ID: <20000208040302.B10648@hades.hell.gr>
Reply-To: keramida@ceid.upatras.gr
References: <389D1F1A.294E659E@wiegand.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <389D1F1A.294E659E@wiegand.org>; from chip@wiegand.org on Sat, Feb 05, 2000 at 11:13:30PM -0800
X-PGP-Fingerprint: 62 45 D1 C9 26 F9 95 06 D6 21 2A C8 8C 16 C0 8E
X-Phone-Number: +30-94-6203692, +30-93-2886457
X-Address: Theodorou Kirinaiou 61, 26334 Patra, Greece
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Feb 05, 2000 at 11:13:30PM -0800, Chip Wiegand wrote:
>
> I set up ipfirewall exactly as specified in The complete FreeBSD 3.3
> book for the 'simple' firewall profile. First problem was when I
> rebooted I got a message about a line in the rc.firewall that wasn't
> recognized - it didn't like ' elif [..... etc]; then ' (page 504),
> and I got a prompt that the system couldn't find the path to the shell,
> I had to enter it or hit enter. I did.
>
> Then edited rc.firewall ...

[snip]

You're not supposed to edit or modify in any way rc.firewall, well, at
least most of the time. Let's see how you can start fixing things...

For starters, restore your /etc/rc.firewall by copying over it the
original from /usr/src/etc/rc.firewall.
This will get your rc.firewall script in its original shape, and you'll
be able to set the thing up properly. Then, you need to copy the
following lines of /etc/defaults/rc.conf into your /etc/rc.conf file:

    firewall_enable="NO"
    firewall_type="UNKNOWN"

To enable the ipfw firewall at boot time, change these lines to look
like the following [make the changes ONLY in /etc/rc.conf]:

    firewall_enable="YES"
    firewall_type="simple"

Optionally, you might want to set firewall_quiet to YES, to disable the
printing of the actual firewall rules. Do this by adding the following
line to your /etc/rc.conf:

    firewall_quiet="YES"

For more information on writing your own rule-set, and a few really
basic examples of using ipfw, you can always take a look at:

OR

Ciao.

-- 
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
For my public PGP key: finger keramida@diogenis.ceid.upatras.gr
PGP fingerprint, phone and address in the headers of this message.
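
The check below is an added example, not part of the original message: it resolves the effective firewall_enable and firewall_type values (settings in /etc/rc.conf override /etc/defaults/rc.conf) and verifies that rc.firewall still matches the stock copy. The function names rc_value, audit_ipfw and demo are hypothetical, and the sample files are constructed so the script runs on any system.

```shell
#!/bin/sh
# Added example (not from the original message). Paths are parameters so the
# check can be run against sample files as well as a live /etc.

# rc_value VAR FILE...: print the last uncommented assignment of VAR across
# FILEs. Later files win, the way /etc/rc.conf overrides /etc/defaults/rc.conf.
rc_value() {
    var=$1; shift
    sed -n "s/^[[:space:]]*${var}=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$@" \
        2>/dev/null | tail -n 1
}

# audit_ipfw RC_CONF DEFAULTS RC_FIREWALL STOCK_RC_FIREWALL
# Returns 0 only if the firewall is enabled, a firewall_type is selected,
# and rc.firewall is byte-identical to the stock copy.
audit_ipfw() {
    rc_conf=$1 defaults=$2 script=$3 stock=$4 status=0
    fw_enable=$(rc_value firewall_enable "$defaults" "$rc_conf")
    fw_type=$(rc_value firewall_type "$defaults" "$rc_conf")
    echo "effective: firewall_enable=$fw_enable firewall_type=$fw_type"
    case $fw_enable in
        [Yy][Ee][Ss]) ;;
        *) echo "FAIL: firewall_enable is not YES in $rc_conf"; status=1 ;;
    esac
    case $fw_type in
        ""|UNKNOWN) echo "FAIL: firewall_type is unset or UNKNOWN"; status=1 ;;
    esac
    if ! cmp -s "$script" "$stock"; then
        echo "FAIL: $script differs from $stock; restore the original"
        status=1
    fi
    return $status
}

# Constructed sample files standing in for the real ones.
demo() {
    d=$(mktemp -d) || return 1
    printf 'firewall_enable="NO"\nfirewall_type="UNKNOWN"\n' > "$d/defaults"
    printf 'firewall_enable="YES"\nfirewall_type="simple"\n' > "$d/rc.conf"
    echo '# placeholder for the stock rc.firewall' > "$d/stock"
    cp "$d/stock" "$d/rc.firewall"
    audit_ipfw "$d/rc.conf" "$d/defaults" "$d/rc.firewall" "$d/stock"; rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

On a live system the call would be `audit_ipfw /etc/rc.conf /etc/defaults/rc.conf /etc/rc.firewall /usr/src/etc/rc.firewall`.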