Date: Wed, 31 Mar 2010 11:30:10 -0400
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To: Martin McCormick <martin@dc.cis.okstate.edu>
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD8.0 Firewall Script behaves much differently than 6.x
Message-ID: <44eij01pbx.fsf@be-well.ilk.org>
In-Reply-To: <201003311411.o2VEBWwK091324@dc.cis.okstate.edu> (Martin McCormick's message of "Wed, 31 Mar 2010 09:11:32 -0500")
References: <201003311411.o2VEBWwK091324@dc.cis.okstate.edu>
Martin McCormick <martin@dc.cis.okstate.edu> writes:

> Is there a proper way to reset firewall rules in
> FreeBSD8.0? I just discovered that if one is remotely logged
> in and makes a change in the firewall rules, it is a disaster to
> do something like
>
> sh /etc/[firewall_rules_script]
>
> One could do that in FreeBSD6.x. When the rules flushed,
> you lost your connection, but the script continued to execute
> and the new rules were in effect immediately. Trying this same
> reload in FreeBSD8.0, I knew something was horribly wrong when
> everything just locked up. I logged on to a local console and ran
>
> ipfw list
>
> It had stopped right after the flush.
>
> Doing the same command from a local or even a serial
> console works fine and the new rules are installed.
>
> Thanks and maybe I have been using the wrong technique
> for reloading firewall rules all along.

This situation has always existed. See the note for "-q" in the
ipfw(8) manual and note the firewall_quiet variable in the default
rc.firewall script.

The most widely recommended approach is to run the script in a
screen(1) (or similar) session. Even just redirecting the output is
enough to let the script run through while still keeping any potential
error information.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
		http://be-well.ilk.org/~lowell/
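An added example, not part of the original message: one way to apply the "redirect the output" advice so a remote reload does not depend on the login terminal. The function names reload_detached and reload_ok, and the script and log paths in the usage comment, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Run a firewall rules script with no ties to the login terminal, so that
# the flush cutting the SSH session cannot stall the script on a write to
# a dead tty. All output is kept in a log for review after reconnecting.

# reload_detached SCRIPT LOG
#   Starts SCRIPT in the background, immune to SIGHUP, with stdin from
#   /dev/null and stdout/stderr sent to LOG. The script's exit status is
#   appended to LOG as a final line. Sets $reload_pid to the job's PID.
reload_detached() {
    script=$1
    log=$2
    nohup sh -c 'sh "$1"; echo "exit status: $?"' reload "$script" \
        </dev/null >"$log" 2>&1 &
    reload_pid=$!
}

# reload_ok LOG
#   After reconnecting: succeeds only if the script ran to completion and
#   exited 0. A log that stops before the status line means the script
#   never finished, which is the failure mode described in the thread.
reload_ok() {
    grep -q '^exit status: 0$' "$1"
}

# Usage from a remote login (paths are placeholders, assumed for the example):
#   reload_detached /etc/firewall_rules_script /var/log/fw-reload.log
#   ... reconnect if the session dropped, then:
#   reload_ok /var/log/fw-reload.log || cat /var/log/fw-reload.log
```

Using "ipfw -q" for the commands inside the rules script addresses the same problem from the other side by suppressing the messages, at the cost of less diagnostic output in the log.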