Date: 13 Jun 1999 22:41:36 +0200 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: Adam David <adam@veda.is> Cc: ru@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG Subject: Re: kern/3244: ipfw flush closes connections Message-ID: <xzp1zffhlz3.fsf@flood.ping.uio.no> In-Reply-To: Adam David's message of "Sun, 13 Jun 1999 20:00:57 %2B0000 (GMT)" References: <199906132000.UAA15624@veda.is>
next in thread | previous in thread | raw e-mail | index | archive | help
Adam David <adam@veda.is> writes: > > # sh /etc/firewall >ipfw.out 2>&1 > > > > or > > > > # (sh /etc/firewall &) > > I think the latter works, and there was once a time when it did not. It's a question of timing. What happens when you press enter is that your shell parses the command and forks a subshell (because of the parentheses). The subshell fork/execs /bin/sh, then exits. The parent shell (which was waiting for the subshell to terminate) prints out a new prompt. If you're out of luck, by the time your shell prints the new prompt, /bin/sh has already run 'ipfw -q flush', the firewall is temporarily impregnable, telnetd / sshd gets an EPERM or EACCES and shuts down the connection. Of course, if your firewall script produces output, the exact same problem is triggered by that output. You can fix that by redirecting the output. You can fix the trickier problem of the prompt by adding a delay to allow the shell to display its prompt before the firewall script runs: # (sleep 2 && sh /etc/firewall&)& Running the script in the background in a subshell should disown it (i.e. dissociate it from the parent shell so it's not killed when the parent shell dies), so even if you lose your connection, the script will run to completion (assuming there are no errors in it), and you should be able to reconnect once the rules to let you in are installed. This *may* vary from shell to shell; I use zsh. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzp1zffhlz3.fsf>