From: Michael Sierchio
Date: Fri, 10 Apr 2020 13:35:30 -0700
Subject: Re: Cron config for ipfw table
To: FreeBSD Questions

On Fri, Apr 10, 2020 at 12:26 PM Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> wrote:

> Jos Chrispijn writes:
>
> > I have added a line to my crontab that defines running a script on
> > reboot:
> >
> > @reboot bash /root/cronjobs/reboot.sh &
> >
> > This (bash) .sh script should add an updated ipfw table (preventing I
> > have to run this action manually) but unfortunately no script is
> > executed on reboot.
> >
> > - script is executable
> > - no action is mentioned in /var/log/cron
> >
> > Can you tell me what I do wrong here? Perhaps scheduling this action
> > _after_ reboot would be the solution?
>
> Is there any reason that you can't use the system's standard ipfw script
> for that?
>

I would suggest just putting the reference to loading tables in your ipfw script. I never use the default.

in /etc/rc.conf:

firewall_enable="YES"
firewall_script="/etc/ipfw/rc.ipfw"

in /etc/ipfw/rc.ipfw:

################################################################################
# load tables in background

lockf -kst 30 /tmp/fw-wl.lck ipfw-table-update whitelist &
lockf -kst 30 /tmp/fw-bl.lck ipfw-table-update blacklist &
lockf -kst 30 /tmp/cp-bl.lck ipfw-table-update cloudips &

ipfw-table-update looks for .txt files in /etc/ipfw/ and creates and loads the table (it's a little more than that, since each table has an alternate to permit atomic table updates).

Components of the blacklist are updated several times an hour or several times a day. The script may be run manually, of course.

-- 
"Well," Brahmā said, "even after ten thousand explanations, a fool is no wiser, but an intelligent person requires only two thousand five hundred."

- The Mahābhārata
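
The "alternate table" approach mentioned in the message, sketched as an added example (not the poster's ipfw-table-update script, which the message does not show): it fills a shadow table and exchanges it with the live one using ipfw's `table ... swap`. The `<table>.txt` file layout, the `_alt` suffix and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not the poster's ipfw-table-update script.
# Assumed layout: $LIST_DIR/<table>.txt, one address or CIDR per line,
# '#' starts a comment; the shadow table is named <table>_alt.

IPFW=${IPFW:-ipfw}              # overridable so the logic can be dry-run
LIST_DIR=${LIST_DIR:-/etc/ipfw}

# Emit usable entries: drop comments, whitespace and blank lines, and
# discard anything that does not look like an IPv4/IPv6 address or prefix.
clean_list() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" |
        grep -E '^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$'
}

table_update() {
    name=$1
    alt="${name}_alt"
    src="$LIST_DIR/$name.txt"
    [ -r "$src" ] || { echo "no list file for $name" >&2; return 1; }

    # A truncated or failed download must not empty a live blocklist.
    entries=$(clean_list "$src") || true
    [ -n "$entries" ] || { echo "refusing to load empty $name" >&2; return 1; }

    # create fails harmlessly when the table already exists
    $IPFW -q table "$name" create type addr 2>/dev/null || true
    $IPFW -q table "$alt" create type addr 2>/dev/null || true
    $IPFW -q table "$alt" flush || return 1

    # Fill the shadow table; rules keep matching the old live contents.
    for e in $entries; do
        $IPFW -q table "$alt" add "$e" || return 1
    done

    # swap exchanges the two tables' contents in a single operation,
    # so no packet is ever checked against a half-loaded table.
    $IPFW -q table "$name" swap "$alt" || return 1
    $IPFW -q table "$alt" flush
}
```

Called as `table_update blacklist`, it can sit behind the same `lockf -kst 30` wrapper used in rc.ipfw so that a boot-time load and a periodic refresh never run concurrently.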