Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 30 Jan 2004 19:47:47 -0600
From:      Eric F Crist <ecrist@adtechintegrated.com>
To:        Chuck Swiger <cswiger@mac.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: where am I supposed to put my rc.firewall?
Message-ID:  <200401301947.54492.ecrist@adtechintegrated.com>
In-Reply-To: <401AFCBB.1010300@mac.com>
References:  <200401301846.52757.ecrist@adtechintegrated.com> <401AFCBB.1010300@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--Boundary-02=_KlwGAQV7GLJNs63
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Friday 30 January 2004 06:54 pm, Chuck Swiger wrote:
> Eric F Crist wrote:
> > I'm trying to add IPFW support.  Where do I put my rc.firewall so that =
it
> > gets read at boot time?  I've tried /usr/local/etc/rc.d and /etc but
> > neither seems to get read.
>
> Specify the location of your firewall script in /etc/rc.conf like so:
>
> firewall_enable=3D'YES'
> firewall_type=3D'/etc/ERICS_firewall'
> firewall_flags=3D'-p /usr/bin/cpp'
>
> [ You might choose to use some other preprocessor... ]

Well, here's what I have now.  I have a file in /etc called grog.firewall. =
=20
It's contents are:

grog# more grog.firewall
ipfw -f flush
ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
ipfw add 600 allow all from any to any

In my /etc/rc.conf file, I have the following two entries pertaining to the=
=20
firewall:

firewall_enable=3D"YES"
firewall_type=3D"/etc/grog.firewall"

Now, this is a headless system, so I access it through the serial port.  I=
=20
don't see any errors anywhere, but my ipfw show command, immediately after=
=20
boot, shows:

65535 481 38684 deny ip from any to any

What have I done wrong?
=2D-=20
Eric F Crist
AdTech Integrated Systems, Inc
(612) 998-3588
--Boundary-02=_KlwGAQV7GLJNs63
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQBAGwlKzdyDbTMRQIYRAryKAJ9+0rKW1mSDtLSR/Dgo3+cNN3s54ACg4isK
y87GyoKLKUEL6N9KySQlYWY=
=LXp1
-----END PGP SIGNATURE-----

--Boundary-02=_KlwGAQV7GLJNs63--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200401301947.54492.ecrist>