Date: Sat, 7 May 2005 12:59:22 -0400
From: Nicholas Henry <nicholas.henry@gmail.com>
To: freebsd-questions@freebsd.org
Subject: firewall_enabled: not found mail message (was IPFW custom rules file not loading)
Message-ID: <ee11ef4a0505070959e7f0474@mail.gmail.com>
In-Reply-To: <20050503205915.GA16309@gothmog.gr>
References: <ee11ef4a0505031218c9f64a5@mail.gmail.com> <20050503205915.GA16309@gothmog.gr>

Thank you for your help - I misunderstood the firewall_script and
firewall_type. Everything works well now.

Just one annoying problem. I continually get a mail msg regarding
firewall_enabled not found:

>From operator@example.domain.ca Sat May 7 12:44:00 2005
Date: Sat, 7 May 2005 12:44:00 -0400 (EDT)
From: operator@example.domain.ca (Cron Daemon)
To: operator@example.domain.ca
Subject: Cron <operator@example> /usr/libexec/save-entropy

firewall_enable: not found

Can anyone tell me how to resolve this issue?

Thanks again,
Nicholas

On 5/3/05, Giorgos Keramidas <keramida@ceid.upatras.gr> wrote:
> On 2005-05-03 15:18, Nicholas Henry <nicholas.henry@gmail.com> wrote:
> > May 3 14:25:22 babe kernel: firewall_enable: not found
> > May 3 14:25:22 babe kernel: ipfw2 initialized, divert disabled, rule-based forwarding dis$
> > May 3 14:25:22 babe kernel: Flushed all rules.
> > May 3 14:25:22 babe kernel: Line 3:
> > May 3 14:25:22 babe kernel: bad command `ipfw'
> > May 3 14:25:22 babe kernel:
> > May 3 14:25:22 babe kernel: Firewall rules loaded, starting divert daemons:
> > May 3 14:25:22 babe kernel: firewall_enable: not found
> > May 3 14:25:22 babe kernel: .
> > May 3 14:25:22 babe kernel: net.inet.ip.fw.enable:
> > May 3 14:25:22 babe kernel: 1
> > May 3 14:25:22 babe kernel: ->
> > May 3 14:25:22 babe kernel: 1
> >
> > I'm referring to the "bad command 'ipfw'" line. I'm also concerned
> > about the "firewall_enable" not found message.
>
> It's normal. You're using firewall_type and yet you have written a
> firewall _script_ in /etc/ipfw.rules.
>
> > ** start rc.conf snippet **
> > firewall_enable="YES"
> > firewall_script="/etc/rc.firewall"
> > firewall_type="/etc/ipfw.rules"
> > firewall_quiet="NO"
> > firewall_logging="NO"
> > firewall_flags=""
> > ** send rc.conf snippet **
>
> Your firewall_type points to a pathname, so the file should contain
> rules in the form:
>
>       check-state
>       add allow tcp from any to any 80 keep-state
>       add block ip from any to any
>
> > ** start ipfw.rules **
> >
> > #!/bin/sh
> > # Flush out the list before we begin.
> > ipfw -q -f flush
> >
> > # Set rules command prefix
> > cmd="ipfw -q add"
> > skip="skipto 801"
> > pif="fxp0" #found by doing a ifconfig or netstat -nr
> > # public interface name of NIC
>
> Your ipfw.rules file is written in the form of a firewall_script.
> The difference between the two is small but important.
>
> A firewall_type file contains just a set of rules that ipfw(8) will
> parse, without intervention by a shell.
>
> A firewall_script is executed by the /bin/sh shell, as a normal shell
> script. One example of what can be used as a firewall_script is
> /etc/rc.firewall (in pre-5.X versions) or /etc/rc.d/ipfw (in FreeBSD
> 5.X or later).
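
The firewall_type versus firewall_script distinction explained in the quoted reply, as an added example that is not part of the original thread: a heuristic sh lint that flags a shell-style rules file being used as a firewall_type pathname. The function names, the temporary directory and both sample rule files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: a heuristic lint, not an ipfw(8) parser.

# classify_rules_file FILE: print "script" if FILE needs /bin/sh, else "ruleset".
classify_rules_file() {
    while read -r first rest || [ -n "$first" ]; do
        case "$first" in
            '#!'*)           echo script; return 0 ;;  # shebang line
            ''|'#'*)         continue ;;               # blank line or comment
            ipfw|*/ipfw|*=*) echo script; return 0 ;;  # command name or VAR=value
        esac
        case "$first $rest" in
            *'$'*)           echo script; return 0 ;;  # shell variable expansion
        esac
    done < "$1"
    echo ruleset
}

# check_firewall_type VALUE: 0 = consistent, 1 = shell script handed to ipfw(8)
# as a ruleset file, 2 = pathname not readable.
check_firewall_type() {
    case "$1" in
        /*) ;;              # a pathname: inspect the file
        *)  return 0 ;;     # a keyword such as "open" or "client"
    esac
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 2; }
    if [ "$(classify_rules_file "$1")" = script ]; then
        echo "mismatch: $1 is a shell script; point firewall_script at it instead" >&2
        return 1
    fi
}

# Constructed sample files (not the poster's real configuration).
SAMPLES=$(mktemp -d /tmp/ipfwlint.XXXXXX)
cat > "$SAMPLES/script.rules" <<'EOF'
#!/bin/sh
# Flush out the list before we begin.
ipfw -q -f flush
cmd="ipfw -q add"
$cmd 00100 allow ip from any to any via lo0
EOF
cat > "$SAMPLES/bare.rules" <<'EOF'
# bare ipfw(8) commands, no leading "ipfw" and no shell syntax
add 00200 check-state
add 00300 allow tcp from any to any 80 keep-state
add 65000 deny ip from any to any
EOF
check_firewall_type "$SAMPLES/script.rules" || echo "exit status: $?"
check_firewall_type "$SAMPLES/bare.rules" && echo "bare.rules: ok as firewall_type"
```

On a real host the argument would be the firewall_type value from /etc/rc.conf; the sample directory under /tmp can be removed after the run.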