From owner-freebsd-stable Thu Sep 18 06:38:32 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id GAA06062 for stable-outgoing; Thu, 18 Sep 1997 06:38:32 -0700 (PDT)
Received: from cyber3.servtech.com (root@cyber3.servtech.com [199.1.22.25]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id GAA06057 for ; Thu, 18 Sep 1997 06:38:28 -0700 (PDT)
Received: from pr-comm.com (root@prcomm.roc.servtech.com [204.181.3.14]) by cyber3.servtech.com (8.8.6/8.8.5) with ESMTP id JAA06679 for ; Thu, 18 Sep 1997 09:38:19 -0400 (EDT)
Received: from pr-comm.com (housley@localhost [127.0.0.1]) by pr-comm.com (8.8.7/8.8.7) with ESMTP id JAA03122 for ; Thu, 18 Sep 1997 09:38:06 -0400 (EDT)
Message-ID: <34212EBC.4C9A9791@pr-comm.com>
Date: Thu, 18 Sep 1997 09:38:04 -0400
From: "James E. Housley"
Organization: PR Communications, Inc.
X-Mailer: Mozilla 4.02b7 [en] (X11; I; FreeBSD 2.2-STABLE i386)
MIME-Version: 1.0
To: freebsd-stable@FreeBSD.ORG
Subject: Problem with new rc.firewall
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

I am using ctm-src-2_2 to keep current. The last update I compiled
included src/etc/rc.firewall:

Revision  Path
1.6.2.3   src/etc/rc.firewall

I have my own firewall configuration so I edited the file to be of the
form:

add deny all from 192.168.0.0:255.255.0.0 to any in via tun0
add deny all from 204.181.2.0:255.255.255.0 to any in via tun0
etc...

the file is:

-rw-r--r--  1 root  wheel  1943 Sep 17 15:03 firewall.ocean

rc.conf:

firewall_enable="YES"
firewall_type="/etc/firewall.ocean"
firewall_quiet="NO"

If I, as root, do a

/sbin/ipfw /etc/firewall.ocean

it loads the rules correctly. However, when the machine boots I get:

usage: ipfw [options]
    flush
    add [number] rule
    delete number ...
    list [number]
    show [number]
    zero [number ...]
  rule: action proto src dst extras...
    action: {allow|permit|accept|pass|deny|drop|reject|unreach code|
             reset|count|skipto num|divert port|tee port} [log]
    proto: {ip|tcp|udp|icmp|}
    src: from [not] {any|ip[{/bits|:mask}]} [{port|port-port},[port],...]
    dst: to [not] {any|ip[{/bits|:mask}]} [{port|port-port},[port],...]
    extras:
      fragment
      in
      out
      {xmit|recv|via} {iface|ip|any}
      {established|setup}
      tcpflags [!]{syn|fin|rst|ack|psh|urg},...
      ipoptions [!]{ssrr|lsrr|rr|ts},...
      icmptypes {type[,type]}...

Also I think this is wrong:

elif [ "${firewall_type}" != "NONE" -a -r "${firewall_type}" ]; then
- $fwcmd ${firewall}
+ $fwcmd ${firewall_type}
fi

I changed it but it still didn't work as expected.

Jim
-- 
-------------------------------------------+-------------------------
James E. Housley                           | PGP: 1024/03983B4D
PR Communications, Inc.                    | 2C 3F 3A 0D A8 D8 C3 13
www.servtech.com/public/pr-comm            | 7C F0 B5 BF 27 8B 92 FE
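Review bot: the `-` line expands `${firewall}`, a variable that nothing in the quoted rc.conf sets (only firewall_enable, firewall_type and firewall_quiet appear there), so `$fwcmd` is invoked with no arguments at boot, which is exactly the condition under which ipfw prints the usage text shown above. The `+` line's `${firewall_type}` is the variable the `elif` has already tested with `-r`, so it is the right name for this branch; quoting it as `$fwcmd "${firewall_type}"` would additionally keep a rules path containing spaces intact.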
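The rc.conf-driven branch of rc.firewall that the post relies on, as an added example that is not code from the post or from FreeBSD's rc.firewall: it runs the branch once as shipped and once with the poster's change, with a stub standing in for /sbin/ipfw so the difference is visible without a FreeBSD box. The names fwcmd_stub, firewall_load_asis, firewall_load_fixed and FIREWALL_RULES_FILE, and the rules file contents, are this example's own constructions.

```shell
#!/bin/sh
# Added example, not code from the post or from FreeBSD's rc.firewall.
# Names fwcmd_stub, firewall_load_asis, firewall_load_fixed and
# FIREWALL_RULES_FILE are assumptions made for this example.

# Stub for /sbin/ipfw: with no argument it fails and prints a usage
# line, as the real ipfw does; otherwise it echoes the call it got.
fwcmd_stub() {
    if [ $# -eq 0 ]; then
        echo "usage: ipfw [options] ..." >&2
        return 1
    fi
    echo "ipfw $*"
}

# Constructed rules file in the format the post shows (sample values).
FIREWALL_RULES_FILE=$(mktemp /tmp/firewall.ocean.XXXXXX)
trap 'rm -f "$FIREWALL_RULES_FILE"' EXIT
cat > "$FIREWALL_RULES_FILE" <<'EOF'
add deny all from 192.168.0.0:255.255.0.0 to any in via tun0
add deny all from 204.181.2.0:255.255.255.0 to any in via tun0
EOF

# As shipped: the branch tests firewall_type but then expands $firewall,
# which rc.conf never sets, so ipfw runs with no arguments at boot.
firewall_load_asis() {
    firewall_type="$1"; fwcmd=fwcmd_stub; unset firewall
    if [ "${firewall_type}" != "NONE" -a -r "${firewall_type}" ]; then
        $fwcmd ${firewall}
    fi
}

# With the poster's change: the readable file named by firewall_type is
# handed to ipfw, matching the manual "/sbin/ipfw <file>" that works.
firewall_load_fixed() {
    firewall_type="$1"; fwcmd=fwcmd_stub
    if [ "${firewall_type}" != "NONE" -a -r "${firewall_type}" ]; then
        $fwcmd "${firewall_type}"
    fi
}

# Stand-alone demonstration: the first call reproduces the boot failure.
firewall_load_asis "$FIREWALL_RULES_FILE" 2>/dev/null \
    || echo "as shipped: ipfw called with no rules file, usage printed"
firewall_load_fixed "$FIREWALL_RULES_FILE"
```

Run it with sh; the second line of output is the ipfw invocation that the fixed branch produces, naming the rules file.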