From: AT Matik
Organization: Infomatik
To: freebsd-ipfw@freebsd.org
Date: Wed, 28 Sep 2005 09:33:07 -0300
Subject: Re: Enable ipfw without rebooting

On Wednesday 28 September 2005 09:24, Oliver Fromme wrote:
> > without scheduling a reboot (which can be cancelled just as easily as
> > removing an at job) is (not only in my opinion) a stupid idea.
>

you might consider pasting this into your rc.firewall

    case ${fw_test_enable} in
    [Yy][Ee][Ss])
            ${fwcmd} add 1 pass proto ip
            ;;
    esac

and add

    fw_test_enable="YES"

to your rc.conf

so when running `sh /etc/rc.firewall` you can see if your rules are in the
correct order, and manually delete rule 1 to activate it definitely, setting
the parameter in rc.conf to NO

or/and you may consider creating a script like

    # $cmd (the ipfw command) and $rnum (the number of the temporary
    # pass rule) must be set before this point
    case "$1" in
    abre)
            $cmd add $rnum pass proto ip
            echo "o FW está aberto agora!"
            ;;
    fecha)
            $cmd delete $rnum
            echo "o FW está fechado novamente."
            ;;
    test)
            # close the firewall, wait 5 minutes, then open it again
            $cmd delete $rnum
            clear
            echo "O FW fica agora 5 minutos fechado, faça os seus testes."
            echo "Use um outro terminal ou sessão para o acesso remoto."
            echo "experimente tb todo acesso com navegador etc para confirmar."
            sleep 300
            $cmd add $rnum pass proto ip
            echo "O FW está aberto novamente."
            ;;
    *)
            echo
            echo "Opções: abre | fecha | test "
            echo
            ;;
    esac

where abre=open, fecha=close and test=test, and it stays closed for the time
you configure

cheers

João
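
A variant of the timed test in the message above, as an added example that is not part of João's message: the re-open timer is started before the pass rule is deleted and ignores SIGHUP, so the firewall still reopens if the rules under test cut off the remote session running the script. The names IPFW, RNUM, WINDOW, fw_open and fw_test and their default values are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumed defaults: adjust IPFW, RNUM and WINDOW to your setup.
IPFW=${IPFW:-/sbin/ipfw}   # ipfw command (assumed path)
RNUM=${RNUM:-1}            # number of the temporary pass-all rule (assumed)
WINDOW=${WINDOW:-300}      # seconds the firewall stays closed

# Re-add the pass-all rule unless a rule with that number is already present.
fw_open() {
    $IPFW list "$RNUM" >/dev/null 2>&1 ||
        $IPFW add "$RNUM" pass proto ip >/dev/null
}

# Close the firewall for $WINDOW seconds. The timer runs in the background,
# detached from the terminal's output and ignoring SIGHUP, and is started
# before the rule is deleted, so losing the session cannot prevent the re-open.
fw_test() {
    ( trap '' HUP; sleep "$WINDOW"; fw_open ) >/dev/null 2>&1 &
    timer_pid=$!
    if ! $IPFW delete "$RNUM"; then
        # Nothing was closed, so the pending re-open is not needed.
        kill "$timer_pid" 2>/dev/null
        return 1
    fi
    echo "closed for ${WINDOW}s; re-open timer pid ${timer_pid}"
}

case "${1:-}" in
test) fw_test ;;
open) fw_open ;;
esac
```

To keep the new rules permanently, kill the printed timer pid before the window ends.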