On 2003-02-21 20:08, Jim Xochellis <[EMAIL PROTECTED]> wrote:
> I have a FreeBSD 4.7(i386) Release router I am trying to make it run
> with the ipf firewall on.
>
> I have compiled and installed a new kernel with ipf support and then I
> put the following lines inside my rc.conf file:
>
> ipfilter_enable="YES"
> ipfilter_program="/sbin/ipf -Fa -f"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_flags=""
>
> The problem is that, when I boot, ipf does not work. It seems like it is
> not using the rules.

Don't change ipfilter_program if you don't have a *very* good reason
for doing so:

    $ grep ipfilter_program /etc/defaults/rc.conf
    ipfilter_program="/sbin/ipf"    # where the ipfilter program lives

Before you change one of the xxx_program options in rc.conf you should
make sure that you understand what this change will affect, by looking
at the /etc/rc* scripts:

    $ grep -l ipfilter_program /etc/rc*
    rc.network
    $ grep ipfilter_program /etc/rc.network
    ${ipfilter_program:-/sbin/ipf} -Fa
    ${ipfilter_program:-/sbin/ipf} \
    ${ipfilter_program:-/sbin/ipf} -6 \
    ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null

By setting ipfilter_program to "/sbin/ipf -Fa -f", that first line of
rc.network became:

    /sbin/ipf -Fa -f -Fa

which doesn't work.  Similarly, the -f option at the end of your
ipfilter_program value broke all the rest of the ipf commands in
/etc/rc.network.

Delete the ipfilter_program line from your rc.conf and the default
will work fine.  Here's what I have in my rc.conf for ipfilter and
ipmon:

    $ grep '^ip[fm]' /etc/rc.conf
    ipfilter_enable="YES"
    ipfilter_rules="/etc/ipf.rules"
    ipmon_enable="YES"
    ipmon_flags="-D -s -o I"

- Giorgos
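
The failure described in the reply above can be caught before a reboot leaves the router without its filter rules. The following is an added example, not part of the original thread or of FreeBSD's rc scripts: the function names and the sample rc.conf lines are constructed for illustration. It flags any xxx_program setting that carries arguments and reproduces the command line that the first ipf line of rc.network expands to.

```sh
#!/bin/sh
# Added example; function names and sample data are hypothetical.

# Constructed rc.conf lines: one bad xxx_program value, one good one.
sample_rc_conf() {
    cat <<'EOF'
# constructed sample, not a real system's rc.conf
ipfilter_enable="YES"
ipfilter_program="/sbin/ipf -Fa -f"
ipfilter_rules="/etc/ipf.rules"
ipmon_program="/sbin/ipmon"	# bare path, fine
EOF
}

# Read rc.conf-style lines on stdin. Print every xxx_program setting whose
# value is more than a bare path; return 1 if any was found, else 0.
lint_rc_program_vars() {
    rc=0
    tab=$(printf '\t')
    while IFS= read -r line; do
        case $line in
            [A-Za-z_]*_program=*) ;;
            *) continue ;;
        esac
        name=${line%%=*}
        value=${line#*=}
        value=${value%%#*}      # drop a trailing comment
        value=$(printf '%s' "$value" |
            sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//")
        case $value in
            *" "*|*"$tab"*) printf '%s: %s\n' "$name" "$value"; rc=1 ;;
        esac
    done
    return $rc
}

# Show what the first ipf line in rc.network turns into for a given value.
rc_network_flush_cmd() {
    ipfilter_program=$1
    # Unquoted on purpose: rc.network lets the shell word-split the value.
    echo ${ipfilter_program:-/sbin/ipf} -Fa
}

sample_rc_conf | lint_rc_program_vars || true
rc_network_flush_cmd "/sbin/ipf -Fa -f"
```

To check a real system, feed the file on stdin: lint_rc_program_vars < /etc/rc.conf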