Date: 16 Feb 2001 10:13:42 +0000
From: Wayne Pascoe <wayne.pascoe@realtime.co.uk>
To: freebsd-questions@freebsd.org
Subject: ipfw reading rules from a file
Message-ID: <m3u25v3pgp.fsf@zaphod.realtime.co.uk>

Hi all,

I am trying to 'persuade' ipfw to read rules from a file. For the
moment, I am just using a very simple rule that will allow access from
the world. Once this works, I will translate the firewall rules that I
use under ipf to ipfw.

In /etc/rc.conf I have the following section

    #
    # Firewall options
    #
    firewall_enable="YES"
    firewall_type="filename"
    firewall_flags="/etc/firewall/ipfw.soften"
    firewall_logging="YES"

I have tried the following for /etc/firewall/ipfw.soften :

    -- try 1 --
    /sbin/ipfw allow all from any to any

    -- try 2 --
    allow all from any to any

    -- try 3 --
    00100 allow ip from any to any

None of these worked. It doesn't even seem to be reading the file in
and using the rules.

I have tried running sh /etc/rc.firewall from the prompt, and I get
the following output :

    # sh /etc/rc.firewall
    Flushed all rules.
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/0

I have tried this 3 times, each time with a different one of the above
3 lines in /etc/firewall/ipfw.soften

I have checked that /etc/firewall/ipfw.soften is readable.

What am I doing wrong here? What does my rc.conf need to contain and
what does the file that I read from have to look like?

Lastly, does ipfw work on a first match wins basis (like iptables /
ipchains) or does it work on a last match wins basis (like ipf) ?

Thanks,

--
- Wayne Pascoe
E-mail: wayne.pascoe@realtime.co.uk
Phone : +44 (0) 20 7544 4668
Mobile: +44 (0) 788 431 1675