Date: Wed, 18 Jul 2001 21:56:36 +1000
From: Tony Maher <tonym@angis.org.au>
To: stable@freebsd.org
Subject: Re: ipfw not running custom rulesets
Message-ID: <3B557974.3C2F48CF@angis.org.au>
References: <31FD3FA70CBED31189E700508B6401718E0C97@ntexgpra01>

> > Now, on 4.2-R it was ok, but on 4.3-S somewhy ipfw refuses to
> > run my custom ruleset on boot up.
> > voyager# cat /etc/ipfw.rules
> > /sbin/ipfw -f flush
> > /sbin/ipfw add 2 prob 0.5 deny icmp from any to any in icmptypes 8
> > /sbin/ipfw add 150 deny tcp from any to any 111,587,3306
> > /sbin/ipfw add 151 deny udp from any to any 111,587,3306
> >
>
> here's the error I believe. /etc/rc.firewall says $fwcmd $fwflags $fw_type,
> so you should put in /etc/ipfw.rules your rules without the leading
> '/sbin/ipfw'

I believe you are correct. Though there appear to be two ways to achieve
the same result.

If you define:

firewall_enable="YES"
firewall_type="UNKNOWN"    # default in /etc/defaults/rc.conf
firewall_script="/etc/ipfw.rules"

the rc.network will run /etc/ipfw.rules and you *need* the leading /sbin/ipfw
(and /etc/rc.firewall will do nothing, actually if I am reading rc.network
correctly, it won't be run at all and firewall_type is not used)

--
Tony Maher
Systems Engineer
email: tonym@biolateral.com.au
BioLateral Pty Ltd.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
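
The two loading modes discussed in this message expect different file formats, and a mismatch means the ruleset is not installed at boot. The following is an added example, not part of the original message or of FreeBSD's rc scripts: a pre-reboot check that a rules file matches the mode it will be loaded in. The function name `lint_ipfw_rules` and the list of words treated as ipfw subcommands are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# lint_ipfw_rules MODE FILE
#   type   : FILE is named by firewall_type; rc.firewall hands it to ipfw
#            ($fwcmd $fwflags $fw_type), so lines must NOT start with ipfw.
#   script : FILE is named by firewall_script and is run as a shell script,
#            so every rule line must invoke ipfw itself.
# Prints offending lines as "N: text". Returns 0 clean, 1 findings, 2 usage.
lint_ipfw_rules() {
    mode=$1 file=$2
    case $mode in
        type|script) ;;
        *) echo "usage: lint_ipfw_rules type|script FILE" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    awk -v mode="$mode" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        {
            has_cmd = ($1 ~ /^(\/sbin\/)?ipfw$/)
            # Assumed heuristic: a first word that looks like an ipfw
            # option or subcommand is a rule missing its program name.
            bare = ($1 ~ /^(-.*|add|delete|flush|zero|pipe|queue)$/)
            if ((mode == "type" && has_cmd) || (mode == "script" && bare)) {
                printf "%d: %s\n", NR, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$file"
}

# Constructed sample: the rules file quoted in the thread.
demo() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
/sbin/ipfw -f flush
/sbin/ipfw add 2 prob 0.5 deny icmp from any to any in icmptypes 8
/sbin/ipfw add 150 deny tcp from any to any 111,587,3306
/sbin/ipfw add 151 deny udp from any to any 111,587,3306
EOF
    lint_ipfw_rules type "$tmp";   echo "as firewall_type: status $?"
    lint_ipfw_rules script "$tmp"; echo "as firewall_script: status $?"
    rm -f "$tmp"
}
demo
```

Run against the quoted file, the `type` check flags all four lines and the `script` check passes, which matches the two readings given in the message.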
