From: Dan Pelleg
To: Steve Bertrand
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Auto-recover
Date: 04 Dec 2002 11:02:14 -0500

Steve Bertrand writes:

> No matter what I do, the auto-recover script (change_rules.sh) will not
> process my new rules properly when connected via ssh. I suspect that this
> is due to the flush at the top of my rules script. After modification of my
> firewall script, I have to log back into the box and the old rules are
> re-loaded. Is there something special that I have to add or remove from my
> ruleset to make this process work properly?

You can try adding this to /etc/rc.conf:

firewall_quiet="YES"

Alternatively, try a scheme that doesn't require a flush. I've written
something along these lines, and it lets you update just the part of the
ruleset you want (say, www or mail rules).
If you want to play with it, the announcement is here:

http://www.FreeBSD.org/cgi/getmsg.cgi?fetch=509128+512111+/usr/local/www/db/text/2002/freebsd-stable/20021124.freebsd-stable

It installs just like a port and is rc.firewall compatible (up to the part
where you plug in your own rules and hosts).

-- 
Dan Pelleg
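
A flush-free update of one section of the ruleset, sketched as an added example; it is not Dan Pelleg's tool and not code from the original message. It assumes each section (www, mail, ...) owns a range of rule numbers and that the rules file holds one "NUMBER action ..." rule per line; `reload_section` and the `IPFW` override are hypothetical names.

```sh
#!/bin/sh
# Added example, not Dan Pelleg's tool: replace only the ipfw rules numbered
# LO..HI with the rules in FILE. Nothing is flushed, so rules outside the
# range (such as the one admitting ssh) are never removed.
# Assumptions: each section owns a rule-number range, and FILE holds one rule
# per line as "NUMBER action ...", e.g. "2010 allow tcp from any to me 80".
IPFW=${IPFW:-ipfw}    # hypothetical override, lets the logic run without root

reload_section() {
    lo=$1 hi=$2 file=$3
    [ -r "$file" ] || return 1

    # Reject the whole file if any rule is numbered outside the range, so a
    # typo in the www rules cannot touch the ssh or default rules.
    bad=$(awk -v lo="$lo" -v hi="$hi" '
        NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
        $1 !~ /^[0-9]+$/ || $1+0 < lo || $1+0 > hi { printf "%d ", NR }
    ' "$file")
    if [ -n "$bad" ]; then
        echo "reload_section: rule outside $lo-$hi at line(s): $bad" >&2
        return 1
    fi

    # "ipfw list" prints the zero-padded rule number as the first field.
    old=$($IPFW list | awk -v lo="$lo" -v hi="$hi" '
        $1+0 >= lo && $1+0 <= hi && !seen[$1+0]++ { print $1+0 }')

    # -q keeps ipfw silent, which is what firewall_quiet="YES" selects in
    # rc.firewall; nothing is written to the ssh terminal mid-update.
    for n in $old; do
        $IPFW -q delete "$n" || return 1
    done
    awk 'NF && $1 !~ /^#/' "$file" | (
        set -f                                      # no globbing in rule text
        while read -r rule; do
            $IPFW -q add $rule || exit 1            # unquoted: split into args
        done
    )
}
```

Between the delete and the add, the section's traffic falls through to whatever rules follow it, so keep each range small; the rest of the ruleset stays loaded throughout.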