Re: [FUG-BR] Question about using the rc.d scripts
On Mar 13, 2012 11:18 PM, Nilton Jose Rizzo ri...@i805.com.br wrote:

> Good evening,
>
> For a long time now I have always ignored FreeBSD's firewall script and made my own. Since I set up a new machine (FreeBSD 9.0), I went to use the rc.conf option to get my script to run, and to my surprise the thing does not initialize correctly: it gives errors on an echo or on /sbin/ipfw itself. Look:
>
>     firewall_enable=YES                # Set to YES to enable firewall functionality
>     firewall_script=/etc/rc.firewall   # Which script to run to set up the firewall
>     firewall_type=/etc/rc.personalfw   # Firewall type (see /etc/rc.firewall)
>     firewall_quiet=NO                  # Set to YES to suppress rule display
>     firewall_logging=YES               # Set to YES to enable events logging
>     firewall_flags=                    # Flags passed to ipfw when type is a file

Look, I have never used this rc.conf scheme for the firewall, but I saw that in /etc/defaults/rc.conf the firewall_type option you used does not match the specification there:

    BARAD-DUR# grep firewall /etc/defaults/rc.conf
    ### Basic network and firewall/security options: ###
    firewall_enable=NO                 # Set to YES to enable firewall functionality
    firewall_script=/etc/rc.firewall   # Which script to run to set up the firewall
    firewall_type=UNKNOWN              # Firewall type (see /etc/rc.firewall)
    firewall_quiet=NO                  # Set to YES to suppress rule display
    firewall_logging=NO                # Set to YES to enable events logging
    firewall_flags=                    # Flags passed to ipfw when type is a file

It says to see /etc/rc.firewall for the firewall_type options. In that file there is:

    # Define the firewall type in /etc/rc.conf.  Valid values are:
    #   open        - will allow anyone in
    #   client      - will try to protect just this machine
    #   simple      - will try to protect a whole network
    #   closed      - totally disables IP services except via lo0 interface
    #   workstation - will try to protect just this machine using stateful
    #                 firewalling.  See below for rc.conf variables used
    #   UNKNOWN     - disables the loading of firewall rules.
    #   filename    - will load the rules in the given filename (full path required)

OK, it says there that you can use a path to a file with the rules. So I ask: could that not be it? I mean, it looks like your file has an echo in it, and that is not a rule... You are using the file as a shell script, but maybe rc.firewall expects the file to be just a list of the rules.

> My script is just simplified (rc.personalfw):
>
>     #!/bin/sh
>     echo 'Firewall version 1.0'
>     echo ''
>     /sbin/ipfw add 65000 allow all from any to any
>     /sbin/ipfw add 1 deny log logamount 0 ip from any to me via re0 setup
>
> When I run it by hand (/etc/rc.personalfw) it runs OK. When I run it via rc.firewall or ipfw start:
>
>     home# sh /etc/rc.firewall
>     Flushed all rules.
>     00100 allow ip from any to any via lo0
>     00200 deny ip from any to 127.0.0.0/8
>     00300 deny ip from 127.0.0.0/8 to any
>     00400 deny ip from any to ::1
>     00500 deny ip from ::1 to any
>     00600 allow ipv6-icmp from :: to ff02::/16
>     00700 allow ipv6-icmp from fe80::/10 to fe80::/10
>     00800 allow ipv6-icmp from fe80::/10 to ff02::/16
>     00900 allow ipv6-icmp from any to any ip6 icmp6types 1
>     01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
>     Line 3: bad command `echo'
>
> or
>
>     home# /etc/rc.d/ipfw start
>     Flushed all rules.
>     00100 allow ip from any to any via lo0
>     00200 deny ip from any to 127.0.0.0/8
>     00300 deny ip from 127.0.0.0/8 to any
>     00400 deny ip from any to ::1
>     00500 deny ip from ::1 to any
>     00600 allow ipv6-icmp from :: to ff02::/16
>     00700 allow ipv6-icmp from fe80::/10 to fe80::/10
>     00800 allow ipv6-icmp from fe80::/10 to ff02::/16
>     00900 allow ipv6-icmp from any to any ip6 icmp6types 1
>     01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
>     Line 3: bad command `echo'
>     Firewall rules loaded.
>     Firewall logging enabled.
>
> I have already looked, I have already combed through the manual on the net, and I found nothing useful that solves my problem.
>
> Does anyone have any light to shed?
>
> --
> Nilton José Rizzo
> 805 Informatica
> Spreading technologies
> 021 2413 9786

---
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
http://en.wikipedia.org/wiki/Posting_style

-
Archive: http://www.fug.com.br/historico/html/freebsd/
Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Question about using the rc.d scripts
On 14/03/2012 22:34, Marcelo/Porks wrote:
> On Mar 13, 2012 11:18 PM, Nilton Jose Rizzo ri...@i805.com.br wrote:
>> Good evening,
>>
>> For a long time now I have always ignored FreeBSD's firewall script and made my own. Since I set up a new machine (FreeBSD 9.0), I went to use the rc.conf option to get my script to run, and to my surprise the thing does not initialize correctly: it gives errors on an echo or on /sbin/ipfw itself.

Hi Nilton,

I use my own ipfw script and this is how I get it to run from /etc/rc.conf:

    firewall_enable=YES
    firewall_script=/etc/beastiefrw/beastiefrw

I do not use firewall_type, since that one uses FreeBSD's ready-made firewalls. :) I use only the two little guys above. That is all I do. :)
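The two replies above point at the same distinction: a file named in firewall_type is handed to ipfw as bare rules, while a real shell script belongs in firewall_script. As an added example (mine, not code from the thread, from its authors, or from FreeBSD), the POSIX sh check below reads a candidate firewall_type file the way ipfw does, line by line, and flags every line that does not start with an ipfw subcommand, so a stray echo or /sbin/ipfw prefix shows up before a reboot instead of at boot. The list of accepted subcommands is my assumption, and the two sample texts are constructed from the rules in Nilton's script.

```shell
#!/bin/sh
# Added example, not from the thread. A file named in firewall_type is run by
# rc.firewall as "ipfw ${firewall_flags} ${firewall_type}": ipfw reads it line by
# line as its own arguments, so a shell line (echo, /sbin/ipfw ...) is rejected
# with "Line N: bad command `...'" and nothing after it is loaded. This check
# reads a candidate file the same way so the mistake shows up before a reboot.
set -f   # no pathname expansion while splitting rule lines into words

# Subcommands that may begin a line of an ipfw rules file ('#' starts a comment).
IPFW_CMDS="add delete flush zero resetlog set table pipe queue nat enable disable"

# check_rules_text TEXT: print each line ipfw would reject; return 1 if any.
check_rules_text() {
    _text=$1 _bad=0 _n=0
    while IFS= read -r _line; do
        _n=$((_n + 1))
        set -- ${_line%%#*}                    # drop comment, split into words
        while [ $# -gt 0 ] && [ "${1#-}" != "$1" ]; do shift; done   # skip options such as -f
        [ $# -eq 0 ] && continue               # blank, comment-only or options-only line
        _ok=0
        for _cmd in $IPFW_CMDS; do [ "$1" = "$_cmd" ] && _ok=1 && break; done
        if [ $_ok -eq 0 ]; then
            echo "Line $_n: bad command \`$1' (a rules file holds bare ipfw commands, not shell)"
            _bad=1
        fi
    done <<EOF
$_text
EOF
    return $_bad
}

# Constructed samples. SAMPLE_SHELL is the script from the thread: fine as
# firewall_script=/etc/rc.personalfw, wrong as firewall_type. SAMPLE_RULES is the
# same policy as bare rules, which is what firewall_type=/etc/ipfw.rules (with
# the default firewall_script=/etc/rc.firewall) expects.
SAMPLE_SHELL="#!/bin/sh
echo 'Firewall version 1.0'
echo ''
/sbin/ipfw add 65000 allow all from any to any
/sbin/ipfw add 1 deny log logamount 0 ip from any to me via re0 setup"
SAMPLE_RULES="# bare ipfw rules: no shebang, no echo, no /sbin/ipfw prefix
add 65000 allow all from any to any
add 1 deny log logamount 0 ip from any to me via re0 setup"

check_rules_text "$SAMPLE_SHELL" || echo "=> keep this file as firewall_script, not firewall_type"
check_rules_text "$SAMPLE_RULES" && echo "=> this file is safe for firewall_type"
```

Run against the shell script it reports lines 2 to 5 (both echo lines and both /sbin/ipfw lines); against the bare-rules version it reports nothing and exits 0.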
[FUG-BR] Question about using the rc.d scripts
Good evening,

For a long time now I have always ignored FreeBSD's firewall script and made my own. Since I set up a new machine (FreeBSD 9.0), I went to use the rc.conf option to get my script to run, and to my surprise the thing does not initialize correctly: it gives errors on an echo or on /sbin/ipfw itself. Look:

    firewall_enable=YES                # Set to YES to enable firewall functionality
    firewall_script=/etc/rc.firewall   # Which script to run to set up the firewall
    firewall_type=/etc/rc.personalfw   # Firewall type (see /etc/rc.firewall)
    firewall_quiet=NO                  # Set to YES to suppress rule display
    firewall_logging=YES               # Set to YES to enable events logging
    firewall_flags=                    # Flags passed to ipfw when type is a file

My script is just simplified (rc.personalfw):

    #!/bin/sh
    echo 'Firewall version 1.0'
    echo ''
    /sbin/ipfw add 65000 allow all from any to any
    /sbin/ipfw add 1 deny log logamount 0 ip from any to me via re0 setup

When I run it by hand (/etc/rc.personalfw) it runs OK. When I run it via rc.firewall or ipfw start:

    home# sh /etc/rc.firewall
    Flushed all rules.
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    00400 deny ip from any to ::1
    00500 deny ip from ::1 to any
    00600 allow ipv6-icmp from :: to ff02::/16
    00700 allow ipv6-icmp from fe80::/10 to fe80::/10
    00800 allow ipv6-icmp from fe80::/10 to ff02::/16
    00900 allow ipv6-icmp from any to any ip6 icmp6types 1
    01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
    Line 3: bad command `echo'

or

    home# /etc/rc.d/ipfw start
    Flushed all rules.
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    00400 deny ip from any to ::1
    00500 deny ip from ::1 to any
    00600 allow ipv6-icmp from :: to ff02::/16
    00700 allow ipv6-icmp from fe80::/10 to fe80::/10
    00800 allow ipv6-icmp from fe80::/10 to ff02::/16
    00900 allow ipv6-icmp from any to any ip6 icmp6types 1
    01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
    Line 3: bad command `echo'
    Firewall rules loaded.
    Firewall logging enabled.

I have already looked, I have already combed through the manual on the net, and I found nothing useful that solves my problem.

Does anyone have any light to shed?

--
Nilton José Rizzo
805 Informatica
Spreading technologies
021 2413 9786