From: Martin McCormick
To: freebsd-questions@freebsd.org
Date: Wed, 31 Mar 2010 09:11:32 -0500
Subject: FreeBSD8.0 Firewall Script behaves much differently than 6.x
Message-Id: <201003311411.o2VEBWwK091324@dc.cis.okstate.edu>

Is there a proper way to reset firewall rules in FreeBSD8.0?

I just discovered that if one is remotely logged in and makes a change in the firewall rules, it is a disaster to do something like

    sh /etc/[firewall_rules_script]

One could do that in FreeBSD6.x. When the rules flushed, you lost your connection, but the script continued to execute and the new rules were in effect immediately.

Trying this same reload in FreeBSD8.0, I knew something was horribly wrong when everything just locked up. I logged on to a local console and ran

    ipfw list

It had stopped right after the flush.

Doing the same command from a local or even a serial console works fine and the new rules are installed.

Thanks and maybe I have been using the wrong technique for reloading firewall rules all along.

Martin McCormick WB5AGZ  Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
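
Added example, not part of the message above and not FreeBSD project code: ipfw(8) notes that a flush in verbose mode prints a message that may not reach a remote login session, leaving the rest of the ruleset unprocessed. This wrapper runs the rules script detached from the terminal and then checks whether only the default rule 65535 is loaded; the RULES and LOG paths and the function names are assumptions.

```shell
#!/bin/sh
# Added example; RULES, LOG and the function names are assumptions.
IPFW=${IPFW:-/sbin/ipfw}
RULES=${RULES:-/etc/firewall_rules_script}   # hypothetical path
LOG=${LOG:-/var/log/ipfw-reload.log}         # hypothetical path

# Start the rules script with no tie to the login session: stdin from
# /dev/null, stdout/stderr to a log file, SIGHUP ignored. Nothing the
# script prints after the flush can block on a connection that the
# flush has just cut off. The child's PID is left in RELOAD_PID.
reload_detached() {
    nohup sh "$RULES" </dev/null >>"$LOG" 2>&1 &
    RELOAD_PID=$!
}

# Return 0 if the live ruleset holds only the built-in default rule
# (65535), which is the state left behind when a reload stops right
# after the flush.
ruleset_is_bare() {
    n=$("$IPFW" list | awk '$1 != "65535" { c++ } END { print c + 0 }')
    [ "$n" -eq 0 ]
}

# Reload, wait for the detached script, then report what is loaded.
# If the session drops while waiting, only this wrapper is lost; the
# detached rules script keeps running.
main() {
    reload_detached
    wait "$RELOAD_PID"
    if ruleset_is_bare; then
        echo "reload stopped after flush; see $LOG" >&2
        return 1
    fi
    echo "reload complete"
}

# Run only when invoked as: sh reload.sh apply
if [ "${1:-}" = "apply" ]; then
    main
fi
```

Adding -q to the ipfw commands inside the rules script suppresses the flush message at its source and can be combined with this wrapper.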