On Wed, 16 May 2007 16:58:39 +1200
"Brett Davidson" <[EMAIL PROTECTED]> wrote:

> I keep firewall rules in a file that I then run via a "sh" command. You
> know, like /etc/rc.firewall. :-)
>  
> Essentially the file does 
> ipfw -q -f flush
> $cmd 0015 check-state
> $cmd set 31 <rule#> <allow tcp from <address/subnet> to me 22 in via
> $pif setup keep-state
>  
> where $cmd = "ipfw -q add"  and $pif = "em0".
>  
> I understand that this set 31 rule should remain even after the flush
> action on the first line.
>  
> This does not appear to be the case. If I run this script from an ssh
> session I get disconnected which is not what I expected. 
>  
> What am I doing wrong?

Nothing wrong really, I've always found it worked like this (it's actually
mentioned in man ipfw, at the end, in the section about using ipfw as a kld).

If you don't want to lose your session, use a tool like screen to keep your
term alive even when getting booted.

To avoid bad rules that lock you out altogether, implement a crontab that will
reset the rules to a known good configuration after a short period of time
(say, if you can't get in for 10 minutes, reset the rules. If you can get in,
update the crontab so it doesn't get run).

Beto

_________________________
{Beto|Norberto|Numard} Meijome

"They redundantly repeated themselves over and over again incessantly without
end ad infinitum" ibid.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
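Beto's cron safety net, written out as an added example (not code from this thread or from FreeBSD): a small sh wrapper that drops a marker before loading the candidate rules, and a cron-run check that restores the known-good rule file if the marker has not been cleared within the timeout. The file paths, the 600-second default and the command names are assumptions.

```shell
#!/bin/sh
# fw-safe-reload: apply a candidate ipfw rule file with a cron-driven rollback.
# Added example for this thread, not Beto's or FreeBSD's own code; all paths
# and the 600-second timeout are assumptions, override them via environment.
#
#   fw-safe-reload apply    # drop a "pending" marker, then load the new rules
#   fw-safe-reload confirm  # you got back in: remove the marker, keep new rules
#   fw-safe-reload check    # from cron (* * * * *): marker too old -> roll back
#
# Both rule files are plain sh scripts of "ipfw -q add ..." lines, as in the
# thread; the known-good one must be a config you can still reach the box with.

FW_GOOD=${FW_GOOD:-/etc/rc.firewall.good}   # known-good rules, loaded on rollback
FW_NEW=${FW_NEW:-/etc/rc.firewall.new}      # candidate rules under test
MARKER=${MARKER:-/var/run/fw-pending}       # holds the epoch time of the apply
TIMEOUT=${TIMEOUT:-600}                     # seconds you have to run "confirm"
LOADER=${LOADER:-sh}                        # interpreter for the rule files

load_rules() {                              # run a rule file; 0 on success
    "$LOADER" "$1"
}

fw_apply() {
    date +%s > "$MARKER" || return 1        # marker first, so a lockout still rolls back
    load_rules "$FW_NEW"
}

fw_confirm() {
    rm -f "$MARKER"
}

marker_age() {                              # seconds since apply, or -1 if no marker
    [ -f "$MARKER" ] || { printf '%s\n' -1; return; }
    echo $(( $(date +%s) - $(cat "$MARKER") ))
}

# Prints "idle", "pending" or "rolled-back" so the cron mail shows what happened.
fw_check() {
    age=$(marker_age)
    if [ "$age" -lt 0 ]; then
        echo idle
    elif [ "$age" -ge "$TIMEOUT" ]; then
        rm -f "$MARKER"                     # clear first: never loop on a failing load
        load_rules "$FW_GOOD" && echo rolled-back
    else
        echo pending
    fi
}

case "${1:-}" in
    apply)   fw_apply ;;
    confirm) fw_confirm ;;
    check)   fw_check ;;
esac
```

Install with `* * * * * /usr/local/sbin/fw-safe-reload check` in root's crontab, then run `apply` from your ssh session and `confirm` once you have logged back in.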