From owner-freebsd-hackers  Thu Apr 10 22:58:21 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id WAA28451
          for hackers-outgoing; Thu, 10 Apr 1997 22:58:21 -0700 (PDT)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA28446
          for <hackers@freebsd.org>; Thu, 10 Apr 1997 22:58:18 -0700 (PDT)
Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.7.3) id QAA00294; Fri, 11 Apr 1997 16:02:29 +1000 (EST)
Date: Fri, 11 Apr 1997 16:02:28 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Adam David <adam@veda.is>
cc: hackers@freebsd.org
Subject: Re: kern/3244: ipfw flush closes connections
In-Reply-To: <199704110545.FAA10622@veda.is>
Message-ID: <Pine.BSF.3.91.970411155937.10264m-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk



On Fri, 11 Apr 1997, Adam David wrote:

> This is also weird...
> 
> 'sh /etc/rc.firewall' invoked from a telnet or rlogin connection will break
> the connection, but if it is invoked from the console instead the network
> login connection stays open.

Have you read my earlier e-mail?  This occurs because if you leave out 
the '-q' option 'flush' says "Flushed all rules".  But when the tcp 
packets come to be sent, and error "Permission denied" is return, so 
telnetd/rlogind quite, kernel resets connection and the rest of 
rc.firewall is probably not executed.

Use -q with your flush in 2.2-RELEASE and later. 
If you don't have -q, make sure you do

 ipfw -f flush >/dev/null 2>&1

Danny