On Wed, 16 May 2007 16:58:39 +1200
"Brett Davidson" <[EMAIL PROTECTED]> wrote:

> I keep firewall rules in a file that I then run via a "sh" command. You
> know, like /etc/rc.firewall. :-)
> Essentially the file does 
> ipfw -q -f flush
> $cmd 0015 check-state
> $cmd set 31 <rule#> <allow tcp from <address/subnet> to me 22 in via
> $pif setup keep-state
> where $cmd = "ipfw -q add"  and $pif = "em0".
> I understand that this set 31 rule should remain even after the flush
> action on the first line.
> This does not appear to be the case. If I run this script from an ssh
> session I get disconnected which is not what I expected. 
> What am I doing wrong?

Nothing wrong really, i've always found it worked like this (it's actually
mentioned in man ipfw , @ the end, in the section about using ipfw as a kld).

If you dont want to lose your session, use a tool like screen to keep your
term alive even when getting booted.

To avoid bad rules  that lock you out altogether, implement a crontab that will
reset the rules to a known good configuration after a short period of time
(say, if u can't get in for 10 minutes, reset the rules. If you can get it,
update the crontab so it doesnt get run). 


{Beto|Norberto|Numard} Meijome

"They redundantly repeated themselves over and over again incessantly without
end ad infinitum" ibid.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to