From owner-freebsd-ipfw@FreeBSD.ORG Thu Sep 29 07:33:01 2005 Return-Path: X-Original-To: freebsd-ipfw@FreeBSD.ORG Delivered-To: freebsd-ipfw@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BAD8A16A41F for ; Thu, 29 Sep 2005 07:33:01 +0000 (GMT) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (lurza.secnetix.de [83.120.8.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id CCACA43D48 for ; Thu, 29 Sep 2005 07:33:00 +0000 (GMT) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (klyvwf@localhost [127.0.0.1]) by lurza.secnetix.de (8.13.1/8.13.1) with ESMTP id j8T7WwMM086437 for ; Thu, 29 Sep 2005 09:32:58 +0200 (CEST) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.13.1/8.13.1/Submit) id j8T7Ww7j086436; Thu, 29 Sep 2005 09:32:58 +0200 (CEST) (envelope-from olli) Date: Thu, 29 Sep 2005 09:32:58 +0200 (CEST) Message-Id: <200509290732.j8T7Ww7j086436@lurza.secnetix.de> From: Oliver Fromme To: freebsd-ipfw@FreeBSD.ORG In-Reply-To: <6.2.1.2.2.20050929121426.02954710@202.179.0.80> X-Newsgroups: list.freebsd-ipfw User-Agent: tin/1.5.4-20000523 ("1959") (UNIX) (FreeBSD/4.11-RELEASE (i386)) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Cc: Subject: Re: Enable ipfw without rebooting X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-ipfw@FreeBSD.ORG List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Sep 2005 07:33:01 -0000 Ganbold wrote: > Oliver Fromme wrote: > > [...] > > For changing (and testing) rules, there's an even more > > elegant (and non-[qddisruptive) solution, see: > > /usr/share/examples/ipfw/change_rules.sh > > If you want to restart ipfw you can try: > > /etc/rc.d/ipfw restart > > command if you are using FreeBSD 5.x or later. But that command does not provide _any_ safety net at all (against a problem with your ruleset) when you're logged in via network. It is only safe to use when you have access to the console. Better use the script that I mentioned (or an appropriate at(1) command or whatever): /usr/share/examples/ipfw/change_rules.sh Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "Emacs ist für mich kein Editor. Für mich ist das genau das gleiche, als wenn ich nach einem Fahrrad (für die Sonntagbrötchen) frage und einen pangalaktischen Raumkreuzer mit 10 km Gesamtlänge bekomme. Ich weiß nicht, was ich damit soll." -- Frank Klemm, de.comp.os.unix.discussion