From owner-freebsd-stable  Fri May 18  5:42:50 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from buddha.automagic.org (buddha-nexxia.automagic.org [207.61.141.34])
	by hub.freebsd.org (Postfix) with SMTP id A7C1437B422
	for <stable@FreeBSD.ORG>; Fri, 18 May 2001 05:42:40 -0700 (PDT)
	(envelope-from jabley@buddha.automagic.org)
Received: (qmail 16842 invoked by uid 100); 18 May 2001 12:42:39 -0000
Date: Fri, 18 May 2001 08:42:39 -0400
From: Joe Abley <jabley@automagic.org>
To: Stephen Montgomery-Smith <stephen@math.missouri.edu>
Cc: stable@FreeBSD.ORG
Subject: Re: starting ipfw
Message-ID: <20010518084239.C27636@buddha.home.automagic.org>
References: <E150aBy-0002kz-00@rip.psg.com> <200105180336.f4I3aA492477@vashon.polstra.com> <3B04A0B6.B3200868@math.missouri.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3B04A0B6.B3200868@math.missouri.edu>; from stephen@math.missouri.edu on Thu, May 17, 2001 at 11:10:30PM -0500
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
X-Loop: FreeBSD.ORG

On Thu, May 17, 2001 at 11:10:30PM -0500, Stephen Montgomery-Smith wrote:
> John Polstra wrote:
> > 
> > In article <E150aBy-0002kz-00@rip.psg.com>, Randy Bush  <randy@psg.com> wrote:
> > > i am trying ipfw and hitting a start problem.  the machine boots up as if
> > > it has not been loaded.  but my /etc/rc.conf says
> > >
> > > firewall_enable="YES"         # Set to YES to enable firewall functionality
> > > firewall_script="/etc/ipfw.rules" # Which script to run to set up the firewall
> > 
> >   ^^^^^^^^^^^^^^^ should be firewall_type
> > 
> 
> No, firewall_type would be one of "simple" or "open" or whatever.

From /etc/rc.firewall:

  ############
  # Define the firewall type in /etc/rc.conf.  Valid values are:
  #   open     - will allow anyone in
  #   client   - will try to protect just this machine
  #   simple   - will try to protect a whole network
  #   closed   - totally disables IP services except via lo0 interface
  #   UNKNOWN  - disables the loading of firewall rules.
  #   filename - will load the rules in the given filename (full path required)

Setting firewall_type to /etc/ipfw.rules does indeed do something
sensible, so long as /etc/ipfw.rules exists and is readable.


Joe

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message