From: Chris
Date: Sat, 12 Mar 2005 16:54:34 +0000
To: Andrea Venturoli
Cc: freebsd-net@freebsd.org
Subject: Re: ipfw verbosity

I noticed when using check-state, the ssh session will die because the dynamic rules are flushed on the firewall reload. I can of course connect again right away. When using allow from established this problem doesn't occur and my ssh stays alive.
What I would like is a way to flush only static rules and leave dynamic rules alone; this would enable me to use check-state again.

Chris

On Sat, 12 Mar 2005 16:16:08 +0100, Andrea Venturoli wrote:
> Hello.
>
> I noticed that when I issue "sh /etc/rc.firewall" to reload firewall
> rules from a remote console, I get disconnected (as I would expect) and
> locked out!
>
> The problem seems to be that "ipfw -f" prints: "command is /usr/local/...".
>
> This is in /usr/src/sbin/ipfw/ipfw2.c:
>
> fprintf(stderr, "command is %s\n", av[0]);
>
> This line does not honor the "-q" flag which, if I understand correctly,
> was exactly meant to allow this kind of operation without console access.
>
> Naturally, I can comment this line in my sources, but I was asking
> myself if this should be regarded as something to fix.
>
> bye & Thanks
> av.