From owner-freebsd-stable  Wed Jul 18  3:32:41 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from [192.168.100.19] (smtp.kpnqwest.com [193.242.92.8])
	by hub.freebsd.org (Postfix) with ESMTP id 2E72F37B403
	for <freebsd-stable@freebsd.org>; Wed, 18 Jul 2001 03:32:38 -0700 (PDT)
	(envelope-from Marek.Kozlovsky@kpnqwest.com)
Received: from ntexghub01.kpnqwest.com (unverified) by 
 (Content Technologies SMTPRS 4.2.1) with ESMTP id <T54d26c26dac0a86413478@> for <freebsd-stable@freebsd.org>;
 Wed, 18 Jul 2001 12:32:36 +0200
Received: by ntexghub01 with Internet Mail Service (5.5.2653.19)
	id <3Y3ZBV7M>; Wed, 18 Jul 2001 12:32:36 +0200
Message-ID: <31FD3FA70CBED31189E700508B6401718E0C97@ntexgpra01>
From: "Kozlovsky, Marek" <Marek.Kozlovsky@KPNQwest.com>
To: "'freebsd-stable@freebsd.org'" <freebsd-stable@freebsd.org>
Subject: RE: ipfw not running custom rulesets
Date: Wed, 18 Jul 2001 12:32:34 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

Hi,

> Hello All,
> 
> I have cvsuped to -stable on Jul 7, after the system seemed 
> ok, I have built
> a custom kernel with IPFIREWALL and 
> IPFIREWALL_DEFAULT_TO_ACCEPT options in
> it.
> 
> Now, on 4.2-R it was ok, but on 4.3-S somewhy ipfw refuses to 
> run my custom
> ruleset on boot up.
> 
> voyager# cat /etc/rc.conf | grep firewall
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="/etc/ipfw.rules"
> firewall_quiet="YES"
> 
> voyager# cat /etc/ipfw.rules
> /sbin/ipfw -f flush
> /sbin/ipfw add 2 prob 0.5 deny icmp from any to any in icmptypes 8
> /sbin/ipfw add 150 deny tcp from any to any 111,587,3306
> /sbin/ipfw add 151 deny udp from any to any 111,587,3306
> 

here's the error I believe. /etc/rc.firewall says $fwcmd $fwflags $fw_type,
so you should put in /etc/ipfw.rules your rules without the leading
'/sbin/ipfw'

> So i have to load these rules manually.
> Any ideas?
> 
> Thanks.
> 
> -=-=-=-
> Regards,
> 
> Alex M aka TZapper
> alex@myzona.net

Buki

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message