From owner-freebsd-stable  Wed May 29 10:11:55 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from damnhippie.dyndns.org (12-253-177-2.client.attbi.com [12.253.177.2])
	by hub.freebsd.org (Postfix) with ESMTP id BCFAF37B883
	for <freebsd-stable@freebsd.org>; Wed, 29 May 2002 09:49:19 -0700 (PDT)
Received: from [172.22.42.2] (peace.hippie.lan [172.22.42.2])
	by damnhippie.dyndns.org (8.12.3/8.12.3) with ESMTP id g4TGjs6r027053
	for <freebsd-stable@freebsd.org>; Wed, 29 May 2002 10:45:54 -0600 (MDT)
	(envelope-from freebsd@damnhippie.dyndns.org)
User-Agent: Microsoft Outlook Express Macintosh Edition - 5.01 (1630)
Date: Wed, 29 May 2002 10:46:00 -0600
Subject: Re: Server won't boot after recompile the kernel with ipfw support
From: Ian <freebsd@damnhippie.dyndns.org>
To: freebsd-stable <freebsd-stable@freebsd.org>
Message-ID: <B91A61E7.D64D%freebsd@damnhippie.dyndns.org>
In-Reply-To: <3CF48FB4.E82525FE@alogis.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On 05/29/02 02:22, Holger Kipp wrote:

> Matthew Dillon wrote:
>> 
>> :
>> :Thanks for your info. I will ask the person who near with the server to
>> :issue that command from the console then. BTW how can I keep the
>> :firewall rules to be permanent on FreeBSD ? Put it on rc.firewall, or
>> :create another script that runs everytime the server gets rebooted ?
>> :
>> :Thanks
>> 
>> If you have a relatively recent version of FreeBSD you can do a
>> 'man firewall' and it will give you a whole lot of very good
>> information.  Basically though in /etc/rc.conf you do:
>> 
>> firewall_enable="YES"
>> firewall_type="/etc/ipfw.conf"
>> 
>> And then put the firewall rules in /etc/rc.firewall.
> 
> To point out the obvious: put the firewall rules in "/etc/ipfw.conf",
> if firewall_type contains a filename. If firewall_type is the name
> of a configuration, edit rc.firewall.
> 
> Regards,
> Holger

Waaaa.  Don't edit rc.firewall, or /etc/defaults/rc.conf as was suggested
earlier in this thread.  Doing so just smears your local configuration into
non-standard places and makes future upgrades harder on you.

Have a look at /etc/rc.firewall and see if one of the standard named
configurations it supports is right for you.  If so, set it in firewall_type
in rc.conf.  Otherwise use firewall_type="/etc/ipfw.conf" and put your own
ruleset into that file (which won't get clobbered on upgrades).

-- Ian


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message