Date: Wed, 28 Sep 2005 09:33:07 -0300 From: AT Matik <asstec@matik.com.br> To: freebsd-ipfw@freebsd.org Subject: Re: Enable ipfw without rebooting Message-ID: <200509280933.07846.asstec@matik.com.br> In-Reply-To: <200509281224.j8SCOJUv047047@lurza.secnetix.de> References: <200509281224.j8SCOJUv047047@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 28 September 2005 09:24, Oliver Fromme wrote:
> > without scheduling a reboot (which can be cancelled just as easily as
> > removing an at job) is (not only in my opinion) a stupid idea.
>
you might consider pasting this into your rc.firewall
case ${fw_test_enable} in
[Yy][Ee][Ss])
${fwcmd} add 1 pass proto ip
;;
esac
and add=20
fw_test_enable=3D"YES"
to your rc.conf
so when running `sh /etc/rc.firewall` you can see if your rules are in corr=
ect=20
order and delete manually rule 1 to activate it definitly and setting the=20
parameter in rc.conf to NO
or/and you may consider creating a script like
case $1 in
abre)
$cmd add $rnum pass proto ip
echo "o FW est=E1 aberto agora!"
;;
fecha)
$cmd delete $rnum
echo "o FW est=E1 fechado novamente."
;;
test)
$cmd delete $rnum
clear
echo "O FW fica agora 5 minutos fechado, fa=E7a os seus testes."
echo "Use um outro terminal ou sess=E3o para o acesso remoto."
echo "experimente tb todo acesso com navegador etc para confirmar."
sleep 300
$cmd add $rnum pass proto ip
echo "O FW est=E1 aberto novamente."
;;
*)
echo
echo "Op=E7=F5es: abre | fecha | test "
echo
;;
esac
where abre=3Dopen fecha=3Dclose and test=3Dtest and it stays closed for the=
time you=20
configure
cheers
Jo=E3o
A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura.
Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200509280933.07846.asstec>