Ryan Thompson wrote:
K Anderson wrote to RYAN vAN GINNEKEN:

ipfw isn't some sort of daemon to be stopped and started. If you want
to add rules, delete rules or whatever, then you just do it.

Yes, unless you're doing this over a network, in which case you want to
make sure you don't break connectivity with an intermediate rule.

Take a look at the script in /etc/rc.firewalls and you'll see that's all
they are doing.

So your firewall file should be a shell script. Even if you do man
ipfw you'll see that in no way does ipfw accept a file name as an
argument. Pretty simple, eh?

While you can write a shell script to call firewall rules (in the style
of /etc/rc.firewall), you're wrong in your subsequent assertion; ipfw
*does* accept a pathname to a file which, according to ipfw(8):

     To ease configuration, rules can be put into a file which is processed
     using ipfw as shown in the first synopsis line.  An absolute pathname
     must be used.  The file will be read line by line and applied as argu-
     ments to the ipfw utility.

And, actually, this is pretty darn convenient, especially in conjunction
with firewall_type="/path/to/ruleset" in rc.conf, once you have tested
the ruleset, of course. :-)

- Ryan

Hmmm, pretty neat. I re-read the man page for it and yep, it sure does take a file name (like you all said, and the man page said, an absolute path. Doh).

Thanks for the response.
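
The two cautions raised in the thread (ipfw(8) wants an absolute pathname, and a rule applied part-way through must not cut a remote session) can be checked before the file is loaded. This is an added example, not part of the original messages; the function names, `MGMT_PORT`, the sample rules and the heuristics themselves are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): lint an ipfw ruleset file before loading
# it with `ipfw /abs/path` or firewall_type="/abs/path" in rc.conf.
# The heuristics and MGMT_PORT are assumptions of this example.
MGMT_PORT="${MGMT_PORT:-22}"

# Prints one finding per line; returns 0 when clean, non-zero otherwise.
lint_ruleset() {
    file="$1"
    case "$file" in
        /*) ;;
        *) echo "path: ipfw(8) requires an absolute pathname"; return 1 ;;
    esac
    [ -r "$file" ] || { echo "path: cannot read $file"; return 1; }
    awk -v port="$MGMT_PORT" '
        { sub(/#.*/, "") }              # assumes "#" starts a comment
        NF == 0 { next }                # ignore blank lines
        $1 == "ipfw" || $1 ~ /^[$]/ {   # rc.firewall-style shell line
            printf "line %d: shell command; the file holds ipfw arguments only\n", NR
            bad = 1; next
        }
        # In file order: has the management port been allowed yet?
        /(allow|accept|pass|permit)/ &&
            $0 ~ ("to +[^ ]+ +(dst-port +)?" port "([ ,]|$)") { mgmt_ok = 1 }
        # A blanket deny applied before that allow is the intermediate rule
        # that can cut a remote session while the file is being applied.
        /(deny|drop|reset)/ && /from +any +to +any/ && !mgmt_ok {
            printf "line %d: blanket deny before port %s is allowed\n", NR, port
            bad = 1
        }
        END { exit bad + 0 }
    ' "$file"
}

# Constructed sample ruleset: arguments only, management allow before the deny.
write_sample_ruleset() {
    cat > "$1" <<'EOF'
# constructed sample, not a recommended policy
add 100 allow ip from any to any via lo0
add 200 allow tcp from any to me dst-port 22 keep-state
add 65000 deny ip from any to any
EOF
}
```

A clean result covers only these heuristics; `ipfw -n /absolute/path` additionally checks rule syntax without passing anything to the kernel.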

