From owner-freebsd-ipfw@FreeBSD.ORG Thu Sep 29 03:44:19 2005 Return-Path: X-Original-To: freebsd-ipfw@FreeBSD.ORG Delivered-To: freebsd-ipfw@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED21416A41F for ; Thu, 29 Sep 2005 03:44:19 +0000 (GMT) (envelope-from ganbold@micom.mng.net) Received: from publicd.ub.mng.net (publicd.ub.mng.net [202.179.0.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id E947C43D4C for ; Thu, 29 Sep 2005 03:44:18 +0000 (GMT) (envelope-from ganbold@micom.mng.net) Received: from [202.179.0.164] (helo=ganbold.micom.mng.net) by publicd.ub.mng.net with esmtpa (Exim 4.43 (FreeBSD)) id 1EKp6X-000J2F-Bq for freebsd-ipfw@FreeBSD.ORG; Thu, 29 Sep 2005 11:44:49 +0800 Message-Id: <6.2.1.2.2.20050929121426.02954710@202.179.0.80> X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2 Date: Thu, 29 Sep 2005 12:17:10 +0900 To: freebsd-ipfw@FreeBSD.ORG From: Ganbold In-Reply-To: <200509281224.j8SCOJUv047047@lurza.secnetix.de> References: <8CEFEBE0-CC91-4FA6-8453-DF42AA9445A5@bnc.net> <200509281224.j8SCOJUv047047@lurza.secnetix.de> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Cc: Subject: Re: Enable ipfw without rebooting X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Sep 2005 03:44:20 -0000 If you want to restart ipfw you can try: /etc/rc.d/ipfw restart command if you are using FreeBSD 5.x or later. hth, Ganbold At 09:24 PM 9/28/2005, you wrote: >Achim Patzner wrote: > > Oliver Fromme wrote: > > > No. Performing a reboot is a rather bad idea. > > > > Actually _loading kernel modules you haven't been using before_ > >Lots of people have been using it before. (Personally I >prefer to compile it statically in the kernel, though.) > > > without scheduling a reboot (which can be cancelled just as easily as > > removing an at job) is (not only in my opinion) a stupid idea. > >Apropos ideas: Not having remote console access to a >machine which is located at 800 km distance is (not only >in my opinion) a stupid idea. ;-) > > > > A much better way would be a small "at" job that inserts > > > an appropriate "allow" rule: > > > > Where's the advantage? > >A solution that doesn't require a reboot is always better, >especially on production machines. >This isn't Windows, after all. > >For changing (and testing) rules, there's an even more >elegant (and non-[qddisruptive) solution, see: >/usr/share/examples/ipfw/change_rules.sh > >Best regards > Oliver > >-- >Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing >Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd >Any opinions expressed in this message may be personal to the author >and may not necessarily reflect the opinions of secnetix in any way. > >Passwords are like underwear. You don't share them, >you don't hang them on your monitor or under your keyboard, >you don't email them, or put them on a web site, >and you must change them very often. >_______________________________________________ >freebsd-ipfw@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"