From owner-freebsd-questions@FreeBSD.ORG  Wed May 16 05:10:57 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 70AB516A400
	for <freebsd-questions@freebsd.org>;
	Wed, 16 May 2007 05:10:57 +0000 (UTC)
	(envelope-from brett@net24.co.nz)
Received: from srv.exchange.net24.net.nz (srv.exchange.net24.net.nz
	[210.55.4.16]) by mx1.freebsd.org (Postfix) with ESMTP id 9F6E413C459
	for <freebsd-questions@freebsd.org>;
	Wed, 16 May 2007 05:10:55 +0000 (UTC)
	(envelope-from brett@net24.co.nz)
Content-class: urn:content-classes:message
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Wed, 16 May 2007 16:58:39 +1200
Message-ID: <60224D09909C0B43A50935A0893D8FF33A444C@srv.exchange.net24.net.nz>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: IP Firewall disconnecting me after firewall changes
thread-index: AceXdt4CAPSw5TwSS3eAYp5vKdD/aQ==
From: "Brett Davidson" <brett@net24.co.nz>
To: <freebsd-questions@freebsd.org>
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: IP Firewall disconnecting me after firewall changes
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2007 05:10:57 -0000

I keep firewall rules in a file that I then run via a "sh" command. You
know, like /etc/rc.firewall. :-)
=20
Essentially the file does=20
ipfw -q -f flush
$cmd 0015 check-state
$cmd set 31 <rule#> <allow tcp from <address/subnet> to me 22 in via
$pif setup keep-state
=20
where $cmd =3D "ipfw -q add"  and $pif =3D "em0".
=20
I understand that this set 31 rule should remain even after the flush
action on the first line.
=20
This does not appear to be the case. If I run this script from an ssh
session I get disconnected which is not what I expected.=20
=20
What am I doing wrong?
=20
Cheers,
Brett.