On Friday 30 January 2004 06:54 pm, Chuck Swiger wrote:
> Eric F Crist wrote:
> > I'm trying to add IPFW support.  Where do I put my rc.firewall so that it
> > gets read at boot time?  I've tried /usr/local/etc/rc.d and /etc but
> > neither seems to get read.
>
> Specify the location of your firewall script in /etc/rc.conf like so:
>
> firewall_enable='YES'
> firewall_type='/etc/ERICS_firewall'
> firewall_flags='-p /usr/bin/cpp'
>
> [ You might choose to use some other preprocessor... ]

Well, here's what I have now.  I have a file in /etc called grog.firewall.  
Its contents are:

grog# more grog.firewall
ipfw -f flush
ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
ipfw add 600 allow all from any to any

In my /etc/rc.conf file, I have the following two entries pertaining to the 
firewall:

firewall_enable="YES"
firewall_type="/etc/grog.firewall"

Now, this is a headless system, so I access it through the serial port.  I 
don't see any errors anywhere, but my ipfw show command, immediately after 
boot, shows:

65535 481 38684 deny ip from any to any

What have I done wrong?
-- 
Eric F Crist
AdTech Integrated Systems, Inc
(612) 998-3588
