Ryan Thompson wrote:
K Anderson wrote to RYAN vAN GINNEKEN:Hmmm, pretty neat. I re-read the man page for it and yep, it sure does take a file name (like you all said, and the man page said, an abolute path. Doh).
ipfw isn't some sort of daemon to be stopped and started. If you want to add rules, delete rules or what ever then you just do it.
Yes, unless you're doing this over a network, in which case you want to make sure you don't break connectivity with an intermediate rule.
Take a look at the script in /etc/rc.firewalls and you'll see that's all they are doing.
so your firewall file should be a shell script. Even if you do man ipfw you'll see that in no way does ipfw accept a file name as an arguemnt. Pretty simple eh?
While you can write a shell script to call firewall rules (in the style of /etc/rc.firewall), you're wrong in your subsequent assertion; ipfw *does* accept a pathname to a file which, according to ipfw(8):
To ease configuration, rules can be put into a file which is processed using ipfw as shown in the first synopsis line. An absolute pathname must be used. The file will be read line by line and applied as argu- ments to the ipfw utility.
And, actually, this is pretty darn convenient, especially in conjunction with firewall_type="/path/to/ruleset" in rc.conf, once you have tested the ruleset, of course. :-)
Thanks for the response.
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"