Date: Thu, 1 Feb 2007 20:59:00 -0500
From: "The Admiral" <xxadmiralxx@gmail.com>
To: freebsd-ipfw@freebsd.org
Subject: Re: rc.firewall script not running at system boot
Message-ID: <66f7e7af0702011759t1b4ba6a8jb988d68fe5595601@mail.gmail.com>
In-Reply-To: <000001c74663$212a10a0$0205000a@white>
References: <66f7e7af0702011304m61385124r5876e0af3d767a55@mail.gmail.com> <002401c74657$6b169690$0205000a@white> <66f7e7af0702011611v155a3c2h6a26152d7faf9796@mail.gmail.com> <000001c74663$212a10a0$0205000a@white>

On 2/1/07, Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au> wrote:
>
> Hmm - I have 9 firewalls in different locations and the information that
> you've provided seems ok. Kernel options are ok, rc.conf looks ok, is there
> a "client" option still in your rc.firewall?
>
> The deny rule is always the last as it's meant to protect the environment in
> case of rc.firewall not working. Could you try
>
> script /tmp/ipfw.lis /etc/rc.d/ipfw restart
> And examine the output as that is sure to tell you where the hangup is.
> There be a rule in the rc.firewall that makes it hang/stop. (tired fingers
> sometimes leave remnant char around).

I tried executing "/etc/rc.d/ipfw restart" and sure enough, it showed that
one of my firewall rules was mistakenly entered as "addpass" while it
should've been "add pass". I corrected the typo, but the strange thing is,
when I reboot, it still doesn't work! Running the firewall command manually
works without error, but it isn't executed at boot.. Any other ideas? I was
sure that the typo was the problem, unfortunately that's not the case. Oh
well, at least it seems I'm getting closer to a solution!

Thanks,
Mike

Regards, Dewayne.
> -----Original Message-----
> From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org]
> On Behalf Of The Admiral
> Sent: Friday, 2 February 2007 11:11 AM
> To: freebsd-ipfw@freebsd.org
> Subject: Re: rc.firewall script not running at system boot
>
> Hi Dewayne, thanks for the response, although I tried enclosing the YES
> option in quotes but it didn't make a difference.
>
> Mike
>
>
> On 2/1/07, Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au> wrote:
> >
> > Put quotes around gateway_enable="YES"
> > Regards, Dewayne.
> >
> > -----Original Message-----
> > From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org]
> > On Behalf Of The Admiral
> > Sent: Friday, 2 February 2007 8:04 AM
> > To: freebsd-ipfw@freebsd.org
> > Subject: rc.firewall script not running at system boot
> >
> > We had a power outage last night and I arrived at work today to find
> > that one of our machines no longer has network access (one of the few
> > machines not on a battery backup unit). I checked to see what
> > firewall rules were enabled and the only one that was active was to
> > deny all. It seems as though my rc.firewall script wasn't run
> > automatically when the system booted. I rebooted to double check and
> > sure enough the only rule enabled was the deny all rule. My rc.conf file
> > has the following:
> >
> > ---------------------------------------------------------------
> > hostname="dev"
> >
> > ifconfig_em0="inet 192.168.1.120 netmask 255.255.255.0"
> > ifconfig_vr0="inet 224.87.34.72 netmask 255.255.255.248" #real IP hidden on purpose
> >
> > defaultrouter="224.87.34.71"
> >
> > gateway_enable=YES
> > firewall_enable="YES" # Set to YES to enable firewall functionality
> > firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
> > firewall_type="client" # Firewall type (see /etc/rc.firewall)
> >
> > ---------------------------------------------------------------
> >
> > my kernel configuration file has the following:
> >
> > ---------------------------------------------------------------
> >
> > options IPFIREWALL # required to use ipfw
> > options IPFIREWALL_FORWARD
> > options IPDIVERT # required for natd
> > options IPFIREWALL_VERBOSE # Enables logging of packets that pass through IPFW and have the 'log' keyword specified in the rule set.
> >
> > ---------------------------------------------------------------
> >
> > When I run the rc.firewall script directly (sudo /etc/rc.firewall
> > client) all my rulesets are enabled as they should, however, the
> > rc.firewall file isn't being executed at system boot, which I'd like
> > to resolve, since it means that the machine will be inaccessible if
> > the machine is rebooted for whatever reason, and no one is there to
> > manually execute the firewall script from the console. The strange
> > thing is, the last time I manually rebooted the machine, the script
> > was executed without a problem.. The machine hasn't been rebooted for
> > a while though, and a lot of the software has been updated in the
> > meantime, so I'm thinking that may be the cause, but I'm still unsure
> > how to go about fixing this. Any help is greatly appreciated, thanks.
> >
> > Mike
> > _______________________________________________
> > freebsd-ipfw@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
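
The typo found in this message ("addpass" for "add pass") is the kind of error worth catching before a reboot on a host whose fallback rule is deny-all. The shell function below is an added example, not part of the original message or of FreeBSD's own rc scripts; its list of ipfw subcommands is a partial one assumed here, and the sample rules are constructed.

```shell
#!/bin/sh
# Added example: flag ipfw calls whose first non-option word is not a known
# ipfw subcommand, e.g. "addpass" where "add pass" was meant.

# Partial list of ipfw subcommands (assumption: extend it from ipfw(8)).
IPFW_VERBS="add delete list show flush zero resetlog enable disable set table pipe queue nat"

# lint_ipfw_script FILE
# Prints "LINENO: text" for each suspect line.
# Returns 0 if clean, 1 if a suspect line was found, 2 if FILE is unreadable.
lint_ipfw_script() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v verbs="$IPFW_VERBS" '
        BEGIN { n = split(verbs, v, " "); for (i = 1; i <= n; i++) ok[v[i]] = 1 }
        {
            line = $0
            sub(/#.*/, "", line)                  # ignore comments
            m = split(line, w, /[ \t]+/)
            # find the ipfw invocation: ${fwcmd}, $fwcmd, or ipfw itself
            for (i = 1; i <= m; i++)
                if (w[i] == "${fwcmd}" || w[i] == "$fwcmd" ||
                    w[i] == "ipfw" || w[i] == "/sbin/ipfw") break
            if (i > m) next
            for (i++; i <= m; i++) {
                if (w[i] == "" || w[i] ~ /^-/) continue   # skip -q, -f, ...
                if (!(w[i] in ok)) { printf "%d: %s\n", NR, $0; bad = 1 }
                break
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample rules (not the poster's file); line 4 has the typo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
fwcmd="/sbin/ipfw -q"
${fwcmd} -f flush
${fwcmd} add pass all from any to any via lo0
${fwcmd} addpass tcp from any to me 22
EOF
lint_ipfw_script "$sample" || echo "fix the lines above before rebooting"
rm -f "$sample"
```

On the FreeBSD host itself, `ipfw -n` checks the syntax of rule commands without passing them to the kernel.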