On Wed, 16 May 2007 16:58:39 +1200 "Brett Davidson" <[EMAIL PROTECTED]> wrote:
> I keep firewall rules in a file that I then run via a "sh" command. You
> know, like /etc/rc.firewall. :-)
>
> Essentially the file does
> ipfw -q -f flush
> $cmd 0015 check-state
> $cmd set 31 <rule#> <allow tcp from <address/subnet> to me 22 in via
> $pif setup keep-state
>
> where $cmd = "ipfw -q add" and $pif = "em0".
>
> I understand that this set 31 rule should remain even after the flush
> action on the first line.
>
> This does not appear to be the case. If I run this script from an ssh
> session I get disconnected which is not what I expected.
>
> What am I doing wrong?

Nothing wrong really, I've always found it worked like this (it's actually mentioned in man ipfw, at the end, in the section about using ipfw as a kld).

If you don't want to lose your session, use a tool like screen to keep your term alive even when getting booted.

To avoid bad rules that lock you out altogether, implement a crontab that will reset the rules to a known good configuration after a short period of time (say, if you can't get in for 10 minutes, reset the rules. If you can get in, update the crontab so it doesn't get run).

Beto
_________________________
{Beto|Norberto|Numard} Meijome
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" ibid.
I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
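A lockout-safe reload wrapper following the crontab advice in the reply, added here as an example and not code from the thread: it loads the candidate rule script, arms a timed rollback to the last confirmed script, and a once-a-minute cron job reverts unless the admin confirms in time. The file paths, the `apply`/`confirm`/`rollback` subcommands and the 10-minute grace period are assumptions.

```shell
#!/bin/sh
# Lockout-safe ipfw reload: run the new rule script (which flushes and
# re-adds rules itself), but arm a timed rollback to the last known-good
# script that cron carries out unless the admin confirms the new rules.
# Paths, names and the grace period below are assumptions for this example.
set -eu

GOOD="${GOOD:-/etc/rc.firewall.good}"          # last confirmed rule script
ARMED="${ARMED:-/var/run/ipfw.rollback-armed}" # flag file: epoch time of the reload
GRACE_MIN="${GRACE_MIN:-10}"                   # minutes before an unconfirmed reload is undone
SH="${SH:-sh}"                                 # set to ':' for a dry run

# Crontab line that polls for a due rollback once a minute.
cron_line() { printf '* * * * * root %s rollback\n' "$1"; }

# Exit 0 if a reload is armed and its grace period has elapsed, 1 otherwise.
rollback_due() {
    [ -f "$ARMED" ] || return 1
    armed_at=$(cat "$ARMED")
    [ $(( $(date +%s) - armed_at )) -ge $(( GRACE_MIN * 60 )) ]
}

# Arm the rollback first, then load the candidate rules.
apply() {
    [ -f "$GOOD" ] || cp "$1" "$GOOD"   # first ever run: trust the candidate
    date +%s > "$ARMED"
    "$SH" "$1"
    echo "rules loaded; run '$0 confirm $1' within $GRACE_MIN minutes" >&2
}

# The admin still has a session: promote the candidate and disarm.
confirm() { cp "$1" "$GOOD"; rm -f "$ARMED"; }

# Cron entry point: restore the known-good script once the grace period passed.
rollback() {
    rollback_due || return 0
    rm -f "$ARMED"
    "$SH" "$GOOD"
    logger -t ipfw-rollback "unconfirmed ruleset reverted to $GOOD"
}

case "${1:-}" in
    apply)    apply "${2:?rule script}" ;;
    confirm)  confirm "${2:?rule script}" ;;
    rollback) rollback ;;
    cron)     cron_line "$0" ;;
esac
```

Install the line printed by `cron` in /etc/crontab, then reload with `apply /etc/rc.firewall` and, once a fresh ssh login works, `confirm /etc/rc.firewall`.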