Date: Sat, 30 Apr 2005 00:22:38 +1200 (NZST)
From: Andrew McNaughton
To: Neo-Vortex
cc: freebsd-security@freebsd.org
cc: Siddhartha Jain
Subject: Re: IPFW disconnections and resets
Message-ID: <20050430001910.C3271@a2.scoop.co.nz>
In-Reply-To: <20050429203417.P85987@Neo-Vortex.net>

On Fri, 29 Apr 2005, Neo-Vortex wrote:

> On Fri, 29 Apr 2005, Siddhartha Jain wrote:
>
>> Even if I run this script as it is (without running from within another
>> script and redirecting), I don't get disconnected.
>
> hehe, probably different shells or something (i use tcsh) - or maybe luck
> :) but without it i get disconnected like 99.9% of times (although because
> of the first rule after flush, only like 1% of the time do i get locked
> out :P)

1% is way too much. Use nohup, e.g.:

nohup sh /etc/rc.firewall simple &

You can wrap that in a script if you think it's necessary.

Other common advice is to run the firewall script while in a 'screen'
environment. See ports for screen.

Andrew McNaughton

--
There is no way to happiness
Happiness is the way
-------------------------------------------------------------------
Andrew McNaughton           http://www.scoop.co.nz/
andrew@scoop.co.nz          Mobile: +61 422 753 792

--
pgp encrypted mail welcome
keyid: 70F6C32D
keyserver: pgp.mit.edu
5688 2396 AA81 036A EBAC  2DD4 1BEA 7975 A84F 6686
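
One way to wrap the nohup command from the message above in a script, as an added example that is not part of the original thread. It detaches the rules script from the terminal so a dropped SSH session cannot stop it partway through a reload, and it refuses to start on a missing or syntactically broken script. The function name, the FW_* variables and the log path are assumptions; only `sh /etc/rc.firewall simple` comes from the message.

```shell
#!/bin/sh
# Added example: reload firewall rules detached from the controlling terminal.
# Defaults mirror the command in the message (sh /etc/rc.firewall simple).
# FW_LOG and all names below are assumptions chosen for this illustration.
FW_SCRIPT="${FW_SCRIPT:-/etc/rc.firewall}"
FW_ARGS="${FW_ARGS:-simple}"
FW_LOG="${FW_LOG:-/var/log/fw-reload.log}"

# reload_firewall: returns 0 on success, 2 if the script is unreadable,
# 3 if it fails a syntax check, otherwise the rules script's own exit status.
reload_firewall() {
    # Never begin a reload that cannot finish: a flush followed by a
    # failing script is what leaves a remote admin locked out.
    if [ ! -r "$FW_SCRIPT" ]; then
        echo "reload_firewall: cannot read $FW_SCRIPT" >&2
        return 2
    fi
    # sh -n parses the script without executing anything.
    if ! sh -n "$FW_SCRIPT" 2>/dev/null; then
        echo "reload_firewall: syntax error in $FW_SCRIPT" >&2
        return 3
    fi
    # nohup makes the child ignore SIGHUP; redirecting stdin, stdout and
    # stderr means it never reads from or writes to the (possibly dead) tty.
    # $FW_ARGS is left unquoted on purpose so several arguments can be passed.
    nohup sh "$FW_SCRIPT" $FW_ARGS </dev/null >"$FW_LOG" 2>&1 &
    fw_pid=$!
    # If the session survives, report how the reload went. If it does not,
    # this shell dies on SIGHUP while the detached child keeps running.
    wait "$fw_pid"
}

# Usage (as root):  . ./fw-reload.sh && reload_firewall ; cat "$FW_LOG"
```

If the connection does drop during the reload, reconnect and read the log file to see whether the rules script finished cleanly.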