Thank you for your help - I misunderstood the firewall_script and firewall_type. Everything works well now. Just one annoying problem. I continually get a mail msg regarding firewall_enabled not found:
>From [EMAIL PROTECTED] Sat May 7 12:44:00 2005
Date: Sat, 7 May 2005 12:44:00 -0400 (EDT)
From: [EMAIL PROTECTED] (Cron Daemon)
To: [EMAIL PROTECTED]
Subject: Cron <[EMAIL PROTECTED]> /usr/libexec/save-entropy

firewall_enable: not found

Can anyone tell me how to resolve this issue?

Thanks again,
Nicholas

On 5/3/05, Giorgos Keramidas <[EMAIL PROTECTED]> wrote:
> On 2005-05-03 15:18, Nicholas Henry <[EMAIL PROTECTED]> wrote:
> > May 3 14:25:22 babe kernel: firewall_enable: not found
> > May 3 14:25:22 babe kernel: ipfw2 initialized, divert disabled, rule-based
> > forwarding dis$
> > May 3 14:25:22 babe kernel: Flushed all rules.
> > May 3 14:25:22 babe kernel: Line 3:
> > May 3 14:25:22 babe kernel: bad command `ipfw'
> > May 3 14:25:22 babe kernel:
> > May 3 14:25:22 babe kernel: Firewall rules loaded, starting divert daemons:
> > May 3 14:25:22 babe kernel: firewall_enable: not found
> > May 3 14:25:22 babe kernel: .
> > May 3 14:25:22 babe kernel: net.inet.ip.fw.enable:
> > May 3 14:25:22 babe kernel: 1
> > May 3 14:25:22 babe kernel: ->
> > May 3 14:25:22 babe kernel: 1
> >
> > I'm referring to the "bad command 'ipfw'" line. I'm also concerned
> > about the "firewall_enable" not found message.
>
> It's normal. You're using firewall_type and yet you have written a
> firewall _script_ in /etc/ipfw.rules.
>
> > ** start rc.conf snippet **
> > firewall_enable="YES"
> > firewall_script="/etc/rc.firewall"
> > firewall_type="/etc/ipfw.rules"
> > firewall_quiet="NO"
> > firewall_logging="NO"
> > firewall_flags=""
> > ** end rc.conf snippet **
>
> Your firewall_type points to a pathname, so the file should contain
> rules in the form:
>
>     check-state
>     add allow tcp from any to any 80 keep-state
>     add block ip from any to any
>
> > ** start ipfw.rules **
> >
> > #!/bin/sh
> > # Flush out the list before we begin.
> > ipfw -q -f flush
> >
> > # Set rules command prefix
> > cmd="ipfw -q add"
> > skip="skipto 801"
> > pif="fxp0" #found by doing a ifconfig or netstat -nr
> > # public interface name of NIC
>
> Your ipfw.rules file is written in the form of a firewall_script.
> The difference between the two is small but important.
>
> A firewall_type file contains just a set of rules that ipfw(8) will
> parse, without intervention by a shell.
>
> A firewall_script is executed by the /bin/sh shell, as a normal shell
> script. One example of what can be used as a firewall_script is
> /etc/rc.firewall (in pre-5.X versions) or /etc/rc.d/ipfw (in FreeBSD
> 5.X or later).
>
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
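
Added example, not part of the original thread or of FreeBSD's rc scripts: a small sh check for the mismatch described above, where firewall_type points at a file that is really a firewall_script-style shell script, so the ruleset fails to load ("bad command `ipfw'"). The function names (classify_rules, rc_value, check_rc_conf, demo), the detection heuristics and the temporary sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect a firewall_type path that
# actually holds a firewall_script-style shell script.

# classify_rules FILE: print "script", "type" (bare ipfw rules) or "unknown".
# Heuristic: a shebang, a line invoking ipfw, a shell assignment or a "$"
# expansion means the file needs /bin/sh and is not a bare rule list.
classify_rules() {
    awk '
        /^[ \t]*$/                           { next }
        NR == 1 && /^#!/                     { script = 1; next }
        /^[ \t]*#/                           { next }
        /^[ \t]*(\/sbin\/)?ipfw[ \t]/        { script = 1; next }
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/     { script = 1; next }
        /\$/                                 { script = 1; next }
                                             { rules = 1 }
        END { print (script ? "script" : (rules ? "type" : "unknown")) }
    ' "$1"
}

# rc_value FILE NAME: print the last NAME="value" assignment in FILE.
rc_value() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# check_rc_conf RCCONF: return 1 if firewall_type names a shell script.
check_rc_conf() {
    ftype=$(rc_value "$1" firewall_type)
    case "$ftype" in
        /*) ;;            # pathname: ipfw(8) parses it without a shell
        *)  return 0 ;;   # not a pathname, nothing to inspect
    esac
    [ -r "$ftype" ] || { echo "cannot read $ftype" >&2; return 2; }
    if [ "$(classify_rules "$ftype")" = "script" ]; then
        echo "MISMATCH: firewall_type=$ftype is a shell script; use firewall_script"
        return 1
    fi
    echo "OK: $ftype holds bare ipfw rules"
}

# Constructed sample: the start of the thread's ipfw.rules, in a temp dir.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '#!/bin/sh' 'ipfw -q -f flush' 'cmd="ipfw -q add"' > "$d/ipfw.rules"
    printf 'firewall_enable="YES"\nfirewall_type="%s"\n' "$d/ipfw.rules" > "$d/rc.conf"
    check_rc_conf "$d/rc.conf"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "check_rc_conf exit status: $?"
```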
