RE: IPFW: rc.firewall script doesn't load when loading rules from a file

2003-02-18 Thread Aaron Burke


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Jason Williams
> Sent: Tuesday, February 18, 2003 3:50 PM
> To: [EMAIL PROTECTED]
> Subject: IPFW: rc.firewall script doesn't load when loading rules from a
> file
> 
> 
> I'm using FBSD 4.7 and have compiled ipfw into the kernel. My rc.conf 
> file has the following:
> 
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="/etc/ipfw.rules"

I am not sure how your situation is different than most, but I use
firewall_type="OPEN" instead of "/etc/ipfw.rules". The other
options will be listed in the file /etc/rc.firewall.

You may want to look at the following in the FreeBSD Handbook.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

> firewall_quiet="NO"
> firewall_logging_enable="YES"
> log_in_vain="YES"
> icmp_drop_redirect="YES"
> 
> On reboot, ipfw is not reading rc.firewall before loading my rules - 
> /etc/ipfw.rules - as I've assumed it would. I thought I could let 
> rc.firewall take care of housekeeping ( flush and loopback rules ) 
> before moving on to the custom rules in ipfw.rules. Am I missing 
> something here or is it normal to bypass rc.firewall altogether and set 
> up a rules file with everything needed in there? All the tutorials seem 
> to suggest that ipfw reads rc.firewall first before moving onto custom 
> rules files, but that has not been my experience here. Thanks for your 
> help
> 
> Jason Williams
> [EMAIL PROTECTED]
> 
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-questions" in the body of the message
> 
> 





Re: IPFW: rc.firewall script doesn't load when loading rules from a file

2003-02-18 Thread Giorgos Keramidas
On 2003-02-18 15:49, Jason Williams <[EMAIL PROTECTED]> wrote:
> I'm using FBSD 4.7 and have compiled ipfw into the kernel. My
> rc.conf file has the following:
>
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="/etc/ipfw.rules"
> firewall_quiet="NO"
> firewall_logging_enable="YES"
> log_in_vain="YES"
> icmp_drop_redirect="YES"
>
> On reboot, ipfw is not reading rc.firewall before loading my rules -
> /etc/ipfw.rules - as I've assumed it would. I thought I could let
> rc.firewall take care of housekeeping ( flush and loopback rules )
> before moving on to the custom rules in ipfw.rules. Am I missing
> something here or is it normal to bypass rc.firewall altogether and
> set up a rules file with everything needed in there?

When you set firewall_type="/etc/ipfw.rules" in your rc.conf, only the
following commands are run by rc.firewall:

ipfw -f flush
ipfw /etc/ipfw.rules

That's all.  If you want the rules to have similar behavior to some of
the rules listed for open/closed/client/simple, you'll have to copy
the appropriate rules from rc.firewall into your /etc/ipfw.rules file.

Giorgos
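
Added example, not part of the thread: since rc.firewall only flushes and loads the file when firewall_type is a path, this sh lint reports which loopback housekeeping rules a custom rules file lacks. The function names, the sample file and the three rule patterns are assumptions (the patterns follow the loopback rules in stock rc.firewall; compare with your own copy).

```shell
#!/bin/sh
# Added example (not from the thread): lint the rules file named by firewall_type.
# Assumption: the three loopback rules checked here are the ones stock
# rc.firewall adds for its predefined types; compare with your own copy.

# Strip comments and blank lines and squeeze whitespace, so that matching
# does not depend on how the file is laid out.
normalize_rules() {
    sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1"
}

# Print one line per missing loopback rule; print nothing if all are present.
# Returns 0 when complete, 1 when rules are missing, 2 when the file is unreadable.
missing_loopback_rules() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "unreadable: $file"
        return 2
    fi
    rules=$(normalize_rules "$file")
    pre='^add( [0-9]+)? '          # "add" with an optional rule number
    missing=0
    check() {   # $1 = label, $2 = extended regex for the rule body
        if ! printf '%s\n' "$rules" | grep -Eq "${pre}$2\$"; then
            echo "missing: $1"
            missing=1
        fi
    }
    check 'pass via lo0' '(allow|accept|pass|permit) (all|ip) from any to any via lo0'
    check 'deny to 127.0.0.0/8' '(deny|drop) (all|ip) from any to 127\.0\.0\.0/8'
    check 'deny from 127.0.0.0/8' '(deny|drop) (all|ip) from 127\.0\.0\.0/8 to any'
    return $missing
}

# Constructed sample: a custom rules file that passes lo0 traffic but
# lacks the two 127.0.0.0/8 deny rules.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# custom rules (constructed sample)' \
        'add 100 pass all from any to any via lo0   # loopback' \
        'add 1000 allow tcp from any to any 22 in' > "$tmp"
    rc=0
    missing_loopback_rules "$tmp" || rc=$?
    rm -f "$tmp"
    return $rc
}
demo || :
```

The lint checks only that the rules are present, not their order relative to the rest of the file.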

