Date: Thu, 18 Sep 1997 09:38:04 -0400
From: "James E. Housley" <housley@pr-comm.com>
To: freebsd-stable@FreeBSD.ORG
Subject: Problem with new rc.firewall
Message-ID: <34212EBC.4C9A9791@pr-comm.com>

I am using ctm-src-2_2 to keep current. The last update I compiled
included src/etc/rc.firewall:

    Revision    Path
    1.6.2.3     src/etc/rc.firewall

I have my own firewall configuration so I edited the file to be of the
form:

    add deny all from 192.168.0.0:255.255.0.0 to any in via tun0
    add deny all from 204.181.2.0:255.255.255.0 to any in via tun0
    etc...

the file is:

    -rw-r--r--  1 root  wheel  1943 Sep 17 15:03 firewall.ocean

rc.conf:

    firewall_enable="YES"
    firewall_type="/etc/firewall.ocean"
    firewall_quiet="NO"

If I, as root, do a

    /sbin/ipfw /etc/firewall.ocean

it loads the rules correctly. However, when the machine boots I get:

    usage: ipfw [options]
        flush
        add [number] rule
        delete number ...
        list [number]
        show [number]
        zero [number ...]
      rule:  action proto src dst extras...
        action: {allow|permit|accept|pass|deny|drop|reject|unreach code|
                 reset|count|skipto num|divert port|tee port} [log]
        proto: {ip|tcp|udp|icmp|<number>}
        src: from [not] {any|ip[{/bits|:mask}]} [{port|port-port},[port],...]
        dst: to [not] {any|ip[{/bits|:mask}]} [{port|port-port},[port],...]
      extras:
        fragment
        in
        out
        {xmit|recv|via} {iface|ip|any}
        {established|setup}
        tcpflags [!]{syn|fin|rst|ack|psh|urg},...
        ipoptions [!]{ssrr|lsrr|rr|ts},...
        icmptypes {type[,type]}...

Also I think this is wrong:

elif [ "${firewall_type}" != "NONE" -a -r "${firewall_type}" ]; then - $fwcmd ${firewall} + $fwcmd ${firewall_type} fi

I changed it but it still didn't work as expected.

Jim
--
-------------------------------------------+-------------------------
James E. Housley                           | PGP: 1024/03983B4D
PR Communications, Inc.                    | 2C 3F 3A 0D A8 D8 C3 13
www.servtech.com/public/pr-comm            | 7C F0 B5 BF 27 8B 92 FE
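
Review bot: on the "+" line, ${firewall_type} is passed to $fwcmd unquoted, although the elif test directly above it quotes the same variable; writing it as $fwcmd "${firewall_type}" would keep a rules-file path containing whitespace as a single argument. The replacement does bring the command in line with the condition, which tests only ${firewall_type} for readability and never looks at ${firewall}.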