Date:      Mon, 9 Jan 2006 07:36:52 +0200
From:      Giorgos Keramidas <keramida@freebsd.org>
To:        Valmir Filho <valmir@wbrnet.com.br>
Cc:        freebsd-doc@freebsd.org
Subject:   Re: Handbook Errata
Message-ID:  <20060109053652.GA1114@flame.pc>
In-Reply-To: <9310191319.20051215150741@wbrnet.com.br>
References:  <9310191319.20051215150741@wbrnet.com.br>

On 2005-12-15 15:07, Valmir Filho <valmir@wbrnet.com.br> wrote:
> Doc,
>
> Reading FreeBSD's Handbook, specifically the IPFW chapter
> (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html),
> I've found the following:
>
> 25.6.3 /etc/rc.conf Options
>
> If you do not have IPFW ...
>
> firewall_enable="YES"
>
> Set the script to run to activate your rules:
>
> firewall_script="/etc/ipfw.rules"
>
> My observation is:
>
> Reading the /etc/rc.firewall script, I've found that the above line
> (firewall_script="/etc/ipfw.rules") must be changed to "firewall_type"
> and not "firewall_script".

Just to clarify this a bit more:

As Tom Rhodes has already explained, the firewall_script option
is different from firewall_type.  Their difference is relatively
subtle, but it is described in the rc.conf(5) manpage:

     firewall_script
                 (str) This variable specifies the full path to
                 the firewall script to run.  The default is
                 /etc/rc.firewall.

     firewall_type
                 (str) Names the firewall type from the selection
                 in /etc/rc.firewall, or the file which contains
                 the local firewall ruleset.  Valid selections
                 from /etc/rc.firewall are:

                 open    unrestricted IP access
                 closed  all IP services disabled, except via ``lo0''
                 client  basic protection for a workstation
                 simple  basic protection for a LAN.

                 If a filename is specified, the full path must
                 be given.

The rest of the Handbook chapter is written in a style that
bypasses the pre-canned firewall rulesets of rc.firewall, using a
custom shell script that runs ipfw directly, so firewall_script
is correct there.

So we don't need to change anything there, for now.  Thanks for
your willingness to help us improve the docs though.  Please
keep submitting anything you notice that needs to be fixed :)

- Giorgos
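
The distinction explained in the message above, as an added example that is not part of the original e-mail or of FreeBSD's rc scripts: a shell function that reads an rc.conf-style file and reports which of the two mechanisms it selects. The function name `fw_mode`, its output labels and the sample files are assumptions made for this illustration, and it models only the rc.conf(5) text quoted above.

```shell
#!/bin/sh
# Added example (not FreeBSD code): classify how an rc.conf-style file
# selects its IPFW rules, per the rc.conf(5) text quoted in the message.
# Prints: disabled | custom-script:<path> | builtin:<type> |
#         rulefile:<path> | unset | invalid:<reason>
fw_mode() {
    (
        firewall_enable="NO"
        firewall_script="/etc/rc.firewall"   # default per the quoted manpage
        firewall_type=""                     # assumption: empty means "not set"
        # rc.conf is plain sh assignments; sourcing executes it, so only
        # run this on files you already trust. The subshell keeps the
        # variables from leaking into the caller.
        . "$1"
        case "$firewall_enable" in
            [Yy][Ee][Ss]) ;;
            *) echo "disabled"; exit 0 ;;
        esac
        # A non-default firewall_script replaces rc.firewall: the file is a
        # shell script that runs ipfw itself (the Handbook chapter's style).
        if [ "$firewall_script" != "/etc/rc.firewall" ]; then
            case "$firewall_script" in
                /*) echo "custom-script:$firewall_script" ;;
                *)  echo "invalid:firewall_script must be a full path" ;;
            esac
            exit 0
        fi
        # Otherwise rc.firewall runs and firewall_type picks a pre-canned
        # ruleset or names a ruleset file (full path required).
        case "$firewall_type" in
            open|closed|client|simple) echo "builtin:$firewall_type" ;;
            /*) echo "rulefile:$firewall_type" ;;
            "") echo "unset" ;;
            *)  echo "invalid:firewall_type must be a listed type or a full path" ;;
        esac
    )
}

# Constructed sample 1: the Handbook setting discussed in the thread.
tmp=$(mktemp)
printf '%s\n' 'firewall_enable="YES"' 'firewall_script="/etc/ipfw.rules"' > "$tmp"
fw_mode "$tmp"
# Constructed sample 2: the change proposed in the quoted report.
printf '%s\n' 'firewall_enable="YES"' 'firewall_type="/etc/ipfw.rules"' > "$tmp"
fw_mode "$tmp"
rm -f "$tmp"
```

Both samples are accepted, but they are not interchangeable: in the first, /etc/ipfw.rules must be a shell script that calls ipfw; in the second, it must be a ruleset file for rc.firewall to load.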



