Date: Wed, 28 Sep 2005 13:04:05 +0200 (CEST)
From: Oliver Fromme <olli@lurza.secnetix.de>
To: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Enable ipfw without rebooting
Message-ID: <200509281104.j8SB45Bi044217@lurza.secnetix.de>
In-Reply-To: <7247A1D7-DCB4-493D-B28A-8E98A21C3983@bnc.net>

Achim Patzner <ap@bnc.net> wrote:
 >
 > > Try loading the IPFW KLD ("kldload ipfw").
 >
 > And remember - doing a "shutdown -r +10" before trying might be a
 > good idea - last time I did this I found out the hard way that the
 > kernel module was built with a default action of "deny all from any
 > to any".

No.  Performing a reboot is a rather bad idea.  A much better
way would be a small "at" job that inserts an appropriate
"allow" rule:

# echo "/sbin/ipfw add 1 allow ip from any to any" | at + 5 minutes
# kldload ipfw

The same procedure is also useful when activating untested
changes to the IPFW rule sets.

If everything went well and you didn't get disconnected,
use atrm(1) to remove the "at" job.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.
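
The procedure from the message above, written out as an sh script; this is an added example, not part of the original post. The function names, the overridable `AT_CMD`/`ATRM_CMD`/`LOAD_CMD` variables and the `GUARDED_LOAD_RUN` switch are hypothetical, and the format of at(1)'s confirmation line is an assumption.

```shell
#!/bin/sh
# Added example (not from the original message): guarded "kldload ipfw".
# The commands are overridable so the flow can be rehearsed off-box.
AT_CMD=${AT_CMD:-at}
ATRM_CMD=${ATRM_CMD:-atrm}
LOAD_CMD=${LOAD_CMD:-kldload ipfw}
# Safety rule exactly as given in the message.
SAFETY_RULE='/sbin/ipfw add 1 allow ip from any to any'

# Pull the job number out of at(1)'s confirmation line. Assumed format,
# constructed sample: "Job 7 will be executed using /bin/sh".
parse_at_job_id() {
    printf '%s\n' "$1" | sed -n 's/^[Jj]ob \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Queue the safety rule N minutes ahead (same "+ N minutes" time spec as
# the message) and print the job id; fail if nothing was queued.
schedule_safety_net() {
    out=$(echo "$SAFETY_RULE" | $AT_CMD + "${1:-5}" minutes 2>&1) || return 1
    id=$(parse_at_job_id "$out")
    [ -n "$id" ] || return 1
    echo "$id"
}

# Load the module only after the safety net exists, and cancel the job
# only on an explicit "yes" typed over the (still working) session.
guarded_load() {
    job=$(schedule_safety_net "${1:-5}") || {
        echo "no at job queued, module not loaded" >&2; return 2; }
    $LOAD_CMD || { $ATRM_CMD "$job"; return 3; }
    printf 'Still connected? Type yes to cancel at job %s: ' "$job" >&2
    read -r answer || answer=
    if [ "$answer" = yes ]; then
        $ATRM_CMD "$job"
    else
        echo "job $job left queued; it will insert rule 1" >&2
        return 4
    fi
}

# Runs for real only on request: GUARDED_LOAD_RUN=1 sh guarded_load.sh
if [ "${GUARDED_LOAD_RUN:-0}" = 1 ]; then guarded_load 5; fi
```

If the job does fire, rule 1 keeps allowing all IP traffic until it is removed with `ipfw delete 1`.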