From owner-freebsd-stable Wed May 29 21:22:56 2002 Delivered-To: freebsd-stable@freebsd.org Received: from tomts11-srv.bellnexxia.net (tomts11.bellnexxia.net [209.226.175.55]) by hub.freebsd.org (Postfix) with ESMTP id 57AE837B405 for ; Wed, 29 May 2002 21:22:47 -0700 (PDT) Received: from localhost ([65.95.160.142]) by tomts11-srv.bellnexxia.net (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP id <20020530042246.IEVV16816.tomts11-srv.bellnexxia.net@localhost> for ; Thu, 30 May 2002 00:22:46 -0400 Date: Thu, 30 May 2002 00:22:46 -0400 Subject: Re: Server won't boot after recompile the kernel with ipfw support Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v481) From: Bryan Fullerton To: freebsd-stable Content-Transfer-Encoding: 7bit In-Reply-To: Message-Id: X-Mailer: Apple Mail (2.481) Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wednesday, May 29, 2002, at 12:46 PM, Ian wrote: > Have a look at /etc/rc.firewall and see if one of the standard named > configurations it supports is right for you. If so, set it in > firewall_type > in rc.conf. Otherwise use firewall_type="/etc/ipfw.conf" and put your > own > ruleset into that file (which won't get clobbered on upgrades). This thread is questionably still on -stable, but wouldn't it make more sense to set firewall_script to your ruleset file instead of firewall_type? ie, I use: firewall_enable="YES" firewall_script="/etc/rc.firewall.local" Setting firewall_type to a file name will just ensure that no rules are added at all, it won't match any cases in /etc/rc.firewall. Bryan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message