Date: Tue, 3 Apr 2007 08:04:31 -0300
From: AT Matik <asstec@matik.com.br>
To: freebsd-ipfw@freebsd.org
Cc: jonw@whoweb.com, Mike Makonnen <mtm@freebsd.org>
Subject: Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it
Message-ID: <200704030804.31819.asstec@matik.com.br>
In-Reply-To: <20070403100324.GA1710@rogue.navcom.lan>
References: <200704021540.l32FerX8074400@freefall.freebsd.org> <200704021302.52345.asstec@matik.com.br> <20070403100324.GA1710@rogue.navcom.lan>

On Tuesday 03 April 2007 07:03, Mike Makonnen wrote:
> I'm not sure I understand. Are you saying the firewall should be enabled
> in a precmd() subroutine? If so, I don't think that's a good idea. The
> firewall should be enabled only after the firewall script has been
> *successfully* loaded.

I see your point, but first tell me: how do you know that the rules are
*successfully* loaded?

Then, this is about /etc/rc.d/ipfw.

OK, then ipfw_start checks if the firewall script exists and reads it, which
was wrong for a long time; fortunately it is fixed now, so it executes it now.

Then it checks if rule 65535 returns "65535 deny ip from any to any", which
is also wrong and is OK only on a stock kernel/ipfw with default to deny.

Then at the end, regardless of any former checks, ipfw_start enables
net.inet.ip.fw.enable, which obviously is wrong then.

First of all, there is no check whether it is to do so or not; it does not
even check if ipfw is loaded or not, ipfw_precmd might have failed, or ipfw
is default to accept.

João

The message was scanned by the e-mail system and can be considered safe.
Service provided by Datacenter Matik https://datacenter.matik.com.br
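
One way to order the checks this message asks for, as an added example that is not part of the original e-mail and not the FreeBSD rc.d/ipfw script. The function names, return codes and the "at least one non-default rule is loaded" success criterion are assumptions; the commands are overridable through KLDSTAT, IPFW and SYSCTL so the logic can be exercised without a FreeBSD host.

```sh
#!/bin/sh
# Added example (constructed): gate the enable step on explicit checks.
# Not the FreeBSD rc.d/ipfw script. Commands are overridable for offline runs.
: "${KLDSTAT:=kldstat}" "${IPFW:=ipfw}" "${SYSCTL:=sysctl}"

# count_user_rules: number of loaded rules other than the built-in 65535.
# The text of rule 65535 is never compared, so a default-to-accept kernel
# is judged the same way as a default-to-deny one.
count_user_rules() {
    $IPFW list 2>/dev/null |
        awk '$1 ~ /^[0-9]+$/ && $1 != "65535"' | wc -l | tr -d ' '
}

# ipfw_load_checked SCRIPT
# Return codes (hypothetical): 0 ok, 1 ipfw absent, 2 script unreadable,
# 3 script exited non-zero, 4 script left no rules behind.
ipfw_load_checked() {
    script=$1
    $KLDSTAT -q -m ipfw || return 1     # module loaded or compiled in?
    [ -r "$script" ] || return 2
    /bin/sh "$script" || return 3       # executed, and exit status checked
    [ "$(count_user_rules)" -gt 0 ] || return 4
    return 0
}

# ipfw_enable_if_safe SCRIPT
# Sets net.inet.ip.fw.enable only after every check above has passed.
ipfw_enable_if_safe() {
    ipfw_load_checked "$1" || {
        rc=$?
        echo "ipfw: not enabling, check failed with code $rc" >&2
        return "$rc"
    }
    $SYSCTL net.inet.ip.fw.enable=1 >/dev/null
}
```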