Date: Tue, 3 Apr 2007 08:04:31 -0300
From: AT Matik <asstec@matik.com.br>
To: freebsd-ipfw@freebsd.org
Cc: jonw@whoweb.com, Mike Makonnen <mtm@freebsd.org>
Subject: Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it
Message-ID: <200704030804.31819.asstec@matik.com.br>
In-Reply-To: <20070403100324.GA1710@rogue.navcom.lan>
References: <200704021540.l32FerX8074400@freefall.freebsd.org> <200704021302.52345.asstec@matik.com.br> <20070403100324.GA1710@rogue.navcom.lan>
On Tuesday 03 April 2007 07:03, Mike Makonnen wrote:
> I'm not sure I understand. Are you saying the firewall should be enabled
> in a precmd() subroutine? If so, I don't think that's a good idea. The
> firewall should be enabled only after the firewall script has been
> *successfully* loaded.

I see your point, but first tell me, how do you know that the rules are
*successfully* loaded?

then, this is about /etc/rc.d/ipfw, ok

then ipfw_start checks if the firewall script exists and reads it, which was
wrong for a long time, fortunately fixed now, so it executes it now

then it checks if rule 65535 returns "65535 deny ip from any to any", which
also is wrong and is ok only on a stock kernel/ipfw with default to deny

then at the end, regardless of any former checks, ipfw_start enables
net.inet.ip.fw.enable, which obviously is wrong

then, first of all, there is no check if it is or not to do so; it does not
even check if ipfw is loaded or not, ipfw_precmd might have failed or ipfw is
default to accept

João

This message was scanned by the e-mail system and can be considered safe.
Service provided by Datacenter Matik https://datacenter.matik.com.br
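The ordering of checks discussed in this message, as an added example that is not part of the original e-mail and is not the code of FreeBSD's /etc/rc.d/ipfw: the enable sysctl is set only when ipfw is present and the rules script has run without error. The function name guarded_ipfw_start and the use of the script's exit status as the success test are assumptions made for the illustration.

```shell
# Added illustration; not the FreeBSD rc.d script.
# guarded_ipfw_start is a hypothetical helper name.
# Usage: guarded_ipfw_start /path/to/firewall_script
# Return codes: 0 enabled, 1 ipfw absent, 2 script unreadable, 3 script failed.
guarded_ipfw_start() {
    script=$1

    # 1. ipfw must be available (module loaded or compiled in).
    #    Assumption: the net.inet.ip.fw.enable node only exists in that
    #    case, so a failing read means there is nothing to enable.
    if ! sysctl -n net.inet.ip.fw.enable >/dev/null 2>&1; then
        echo "ipfw not available; not touching net.inet.ip.fw.enable" >&2
        return 1
    fi

    # 2. The rules script must be readable, and it is executed, not sourced.
    if [ ! -r "$script" ]; then
        echo "cannot read firewall script: $script" >&2
        return 2
    fi

    # 3. Success is judged by the script's exit status (assumption), not by
    #    the text of rule 65535, which differs between default-deny and
    #    default-accept kernels.
    if ! /bin/sh "$script"; then
        echo "$script failed; leaving net.inet.ip.fw.enable unchanged" >&2
        return 3
    fi

    # 4. Only now is the firewall switched on.
    sysctl net.inet.ip.fw.enable=1 >/dev/null
}
```

For the exit status to be meaningful, the rules script itself has to stop on the first failing ipfw command, for example by starting with `set -e`.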
