From owner-freebsd-hackers Tue Jun 30 16:02:38 1998
Date: Tue, 30 Jun 1998 21:37:55 +0200 (CEST)
From: Markus Holmberg
To: jkh@FreeBSD.ORG
Subject: ipfw startup script "bug" in 2.2.6-STABLE
Sender: owner-freebsd-hackers@FreeBSD.ORG

Heya..

I just wanted to notice that the below config in /etc/rc.conf will result in that the ipfw-rules are not loaded at startup since ipfw won't understand.. I tried manually "ipfw -q /etc/firewall.conf" and it results in that ipfw shows usage instead and doesn't load rules.

    firewall_type="/etc/firewall.conf"  # Firewall type (see /etc/rc.firewall)
    firewall_quiet="YES"                # Set to YES to suppress rule display

The man page for ipfw doesn't say "ipfw -q filename" is a valid way of using it..

This could potentially result in that someone who wouldn't check their startupmsg could get either locked out (if denydefault) or an all open machine (if allowdefault)....

This problem won't occur if firewall_quiet is set to "NO" (obviously since -q isn't involved in that case).

OK, just wanted to note it, I'm no expert so I apologize for any ignorance or errors in this report..

Best Regards,
Markus Holmberg.
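
An added example, not part of the original message or of FreeBSD's rc.firewall: a boot-time wrapper that loads the rules file and then confirms that rules are actually active, so the silent failure described above is reported instead of going unnoticed. It assumes the file holds one "add ..." rule per line and that "ipfw list" prints one active rule per line; the function names and the IPFW override variable are hypothetical.

```sh
#!/bin/sh
# Added example: verify that a firewall rules file really loaded at boot.
# Assumptions: one "add ..." rule per line in the file; "ipfw list" prints
# one active rule per line. IPFW is overridable so a stub can be used.
: "${IPFW:=ipfw}"

# Number of rules the file should add (lines whose first word is "add").
expected_rules() {
    grep -Ec '^[[:space:]]*add[[:space:]]' "$1" || true
}

# Number of rules currently active according to the kernel.
active_rules() {
    $IPFW list 2>/dev/null | grep -c . || true
}

# Load file $1 (with -q when $2 is YES), then check the outcome.
# Returns 0 only if the loader exited 0 and at least as many rules are
# active as the file adds; otherwise reports on stderr and returns 1.
load_and_verify() {
    file=$1 quiet=$2 rc=0
    if [ ! -r "$file" ]; then
        echo "firewall: cannot read $file" >&2
        return 1
    fi
    want=$(expected_rules "$file")
    if [ "$quiet" = "YES" ]; then
        $IPFW -q "$file" || rc=$?
    else
        $IPFW "$file" || rc=$?
    fi
    have=$(active_rules)
    # A usage message with no rules loaded leaves "have" below "want",
    # whatever exit status the loader reported.
    if [ "$rc" -ne 0 ] || [ "$want" -eq 0 ] || [ "$have" -lt "$want" ]; then
        echo "firewall: $file NOT loaded (exit=$rc active=$have expected>=$want)" >&2
        return 1
    fi
    return 0
}

# Typical call from a startup script:
#   load_and_verify /etc/firewall.conf "$firewall_quiet" || \
#       logger -p security.alert "firewall rules failed to load"
```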