Date: Tue, 7 Nov 2000 22:25:38 -0800 From: "Crist J . Clark" <cjclark@reflexnet.net> To: cdel <c_deless@efn.org> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: ipfw rules flushing unexpectedly Message-ID: <20001107222538.L75251@149.211.6.64.reflexcom.com> In-Reply-To: <Pine.GSU.4.21.0011070814270.14978-100000@garcia.efn.org>; from c_deless@efn.org on Tue, Nov 07, 2000 at 08:22:30AM -0800 References: <Pine.GSU.4.21.0011070814270.14978-100000@garcia.efn.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 07, 2000 at 08:22:30AM -0800, cdel wrote: > Three days ago I noticed that the ipfw rules had purged themselves from > memory. The box was 4.1.1-STABLE, 'supped on 10/24/00. Yesterday I supped > in 4.2-BETA #0, re-installed world and a fresh kernel and discovered this > morning that this had no effect. The box is 'Default Deny' so the purged > rules keep everyone out but results in a DOS of sorts. > > Any ideas or similar experiences? For now I've resorted to cron to re-run > the ipfw rule script periodically as a precaution. Dunno. You didn't put executable commands in rc.conf or something like that? You might put some logging rule in your firewall to track down the time of failure. Perhaps something like, # ipfw add 50 pass log icmp from 127.0.0.1 to 127.0.0.1 And then run a cronjob every 10, 5, 1, or whatever, minutes, 0/5 * * * * ping -c 1 127.0.0.1 To see when the messages stop. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001107222538.L75251>