Date: Mon, 9 Jan 2006 07:36:52 +0200 From: Giorgos Keramidas <keramida@freebsd.org> To: Valmir Filho <valmir@wbrnet.com.br> Cc: freebsd-doc@freebsd.org Subject: Re: Handbook Errata Message-ID: <20060109053652.GA1114@flame.pc> In-Reply-To: <9310191319.20051215150741@wbrnet.com.br> References: <9310191319.20051215150741@wbrnet.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2005-12-15 15:07, Valmir Filho <valmir@wbrnet.com.br> wrote: > Doc, > > Readign FreeBSD's Hankbook, specifically the IPFW chapter > (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html), > i've found that the following: > > 25.6.3 /etc/rc.conf Options > > If you do not have IPFW ... > > firewall_enable="YES" > > Set the script to run to activate your rules: > > firewall_script="/etc/ipfw.rules" > > My observation is: > > Reading /etc/rc.firewall script i?ve found that the above line > (firewall_script="/etc/ipfw.rules") must be changed to "firewall_type" > and not "firewall_script". Just to clarify this a bit more: As Tom Rhodes has already explained, the firewall_script option is different from firewall_type. Their difference is relatively subtle, but it is described in the rc.conf(5) manpage: firewall_script (str) This variable specifies the full path to the firewall script to run. The default is /etc/rc.firewall. firewall_type (str) Names the firewall type from the selection in /etc/rc.firewall, or the file which contains the local firewall ruleset. Valid selections from /etc/rc.firewall are: open unrestricted IP access closed all IP services disabled, except via ``lo0'' client basic protection for a workstation simple basic protection for a LAN. If a filename is specified, the full path must be given. The rest of the Handbook chapter is written in a style that bypasses the pre-canned firewall rulesets of rc.firewall, using a custom shell script that runs ipfw directly, so firewall_script is correct there. So we don't need to change anything there, for now. Thanks for your willingness to help us improving the docs though. Please keep submitting anything you notice that needs to be fixed :) - Giorgos
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060109053652.GA1114>