Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 29 Sep 2005 12:17:10 +0900
From:      Ganbold <ganbold@micom.mng.net>
To:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: Enable ipfw without rebooting
Message-ID:  <6.2.1.2.2.20050929121426.02954710@202.179.0.80>
In-Reply-To: <200509281224.j8SCOJUv047047@lurza.secnetix.de>
References:  <8CEFEBE0-CC91-4FA6-8453-DF42AA9445A5@bnc.net> <200509281224.j8SCOJUv047047@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
If you want to restart ipfw you can try:

/etc/rc.d/ipfw restart

command if you are using FreeBSD 5.x or later.

hth,

Ganbold

At 09:24 PM 9/28/2005, you wrote:
>Achim Patzner <ap@bnc.net> wrote:
>  > Oliver Fromme wrote:
>  > > No.  Performing a reboot is a rather bad idea.
>  >
>  > Actually _loading kernel modules you haven't been using before_
>
>Lots of people have been using it before.  (Personally I
>prefer to compile it statically in the kernel, though.)
>
>  > without scheduling a reboot (which can be cancelled just as easily as
>  > removing an at job) is (not only in my opinion) a stupid idea.
>
>Apropos ideas:  Not having remote console access to a
>machine which is located at 800 km distance is (not only
>in my opinion) a stupid idea.  ;-)
>
>  > > A much better way would be a small "at" job that inserts
>  > > an appropriate "allow" rule:
>  >
>  > Where's the advantage?
>
>A solution that doesn't require a reboot is always better,
>especially on production machines.
>This isn't Windows, after all.
>
>For changing (and testing) rules, there's an even more
>elegant (and non-[qddisruptive) solution, see:
>/usr/share/examples/ipfw/change_rules.sh
>
>Best regards
>    Oliver
>
>--
>Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
>Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
>Any opinions expressed in this message may be personal to the author
>and may not necessarily reflect the opinions of secnetix in any way.
>
>Passwords are like underwear.  You don't share them,
>you don't hang them on your monitor or under your keyboard,
>you don't email them, or put them on a web site,
>and you must change them very often.
>_______________________________________________
>freebsd-ipfw@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.2.1.2.2.20050929121426.02954710>