> > I use that all the time, maybe 1 out of 100 times it will kill
> a ssh session (only one that has irssi open 'cause of the time
> updating it kills it, I have it set to update every second
> though, so normally it'd be like 1 out of 500 or so) and even
> if it does, it still finishes loading the ruleset anyway so
> you can just ssh straight back in

I used

    sysctl -a net.inet.ip.fw.enable=0 && firewall.sh && net.inet.ip.fw.enable=1 && sleep 60 && reboot

and I would hit a ^c to stop the sleep and reboot if I didn't whack the firewall rules. The reboot would put it back to rc.conf firewall. Never got disconnected. Only window of vulnerability was while loading new firewall rules. Yours is safer.
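
The apply-then-revert-unless-confirmed pattern discussed in this thread, as an added example that is not code from either poster. The function name `guarded_apply`, the confirmation-file mechanism and the paths in the usage comment are hypothetical; the apply and revert commands are whatever the operator passes in.

```shell
#!/bin/sh
# guarded_apply APPLY_CMD REVERT_CMD TIMEOUT_SECONDS CONFIRM_FILE
#
# Runs APPLY_CMD, then waits up to TIMEOUT_SECONDS for CONFIRM_FILE to
# appear. The operator creates that file from a *new* login session, which
# shows that fresh connections still get through the new ruleset.
# If the file never appears, REVERT_CMD runs.
#
# Return codes: 0 = confirmed, 1 = timed out and reverted,
#               2 = apply failed and reverted.
guarded_apply() {
    apply_cmd=$1
    revert_cmd=$2
    timeout=$3
    confirm=$4

    # A stale confirmation from an earlier run must not count.
    rm -f "$confirm"

    if ! sh -c "$apply_cmd"; then
        # A half-loaded ruleset is treated the same as a lockout.
        sh -c "$revert_cmd"
        return 2
    fi

    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then
            rm -f "$confirm"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # Nobody confirmed in time: assume the operator is locked out.
    sh -c "$revert_cmd"
    return 1
}

# Usage sketch (hypothetical paths; the revert here is the reboot used in
# the post above, which restores the rc.conf firewall):
#   guarded_apply "sh firewall.sh" "reboot" 60 /var/run/fw.confirmed
# and, from a second ssh login within 60 seconds:
#   touch /var/run/fw.confirmed
```

Run it detached from the controlling terminal (for example under `nohup`) so that a dropped ssh session does not kill the timer before the revert fires.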