Date: Wed, 19 Feb 2003 05:20:13 +0100 (CET)
From: 520023893678-0001@t-online.de (P. U. Kruppa)
Reply-To: "P.U.Kruppa"
To: Jason Williams
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW: rc.firewall script doesn't load when loading rules from a file
Message-ID: <20030219051338.B3399@small.pukruppa.de>

On Tue, 18 Feb 2003, Jason Williams wrote:

> I'm using FBSD 4.7 and have compiled ipfw into the kernel. My rc.conf
> file has the following:
>
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="/etc/ipfw.rules"
> firewall_quiet="NO"
> firewall_logging_enable="YES"
> log_in_vain="YES"
> icmp_drop_redirect="YES"

All you need to do is to put your list of
  ipfw ...
statements into your /etc/ipfw.rules and make it executable by
  # chmod 750 /etc/ipfw.rules
and they will be executed on bootup.
The line
  firewall_type="/etc/ipfw.rules"
in your rc.conf is not necessary.

Uli.

>
> On reboot, ipfw is not reading rc.firewall before loading my rules -
> /etc/ipfw.rules - as I've assumed it would. I thought I could let
> rc.firewall take care of housekeeping ( flush and loopback rules )
> before moving on to the custom rules in ipfw.rules. Am I missing
> something here or is it normal to bypass rc.firewall altogether and set
> up a rules file with everything needed in there? All the tutorials seem
> to suggest that ipfw reads rc.firewall first before moving onto custom
> rules files, but that has not been my experience here. Thanks for your
> help
>
> Jason Williams
> jason@seanet.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

+-----------------------------------+
|        Peter Ulrich Kruppa        |
|           - Wuppertal -           |
|              Germany              |
+-----------------------------------+
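
An added example, not part of the thread: rc.conf(5) describes firewall_script as the script to run and firewall_type as a built-in type name or the filename of a rule set, so a file written as shell commands ("ipfw add ...") and a file written as a bare rule list ("add ...") are not interchangeable. The sketch below classifies a rules file and checks it against the variable that names it; the function names rules_file_kind and check_fw_var are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies a firewall rules file as
# an ipfw rule list (lines like "add allow ...", the form "ipfw <file>"
# reads) or a shell script (lines like "ipfw add allow ..."), then checks
# it against the rc.conf variable that points at it.

# rules_file_kind FILE -> prints ruleset | script | mixed | empty
rules_file_kind() {
    awk '
        /^[ \t]*$/ { next }                          # blank line
        NR == 1 && /^#!/ { script++; next }          # shebang: shell script
        /^[ \t]*#/ { next }                          # comment in either form
        /^[ \t]*(\/sbin\/)?ipfw[ \t]/ { script++; next }
        # bare ipfw subcommand, optionally preceded by flags such as -f or -q
        /^[ \t]*(-[a-z]+[ \t]+)*(add|delete|flush|zero|resetlog|pipe|queue)([ \t]|$)/ {
            rules++; next
        }
        { script++ }                                 # anything else: assume shell
        END {
            if (script && rules) print "mixed"
            else if (rules)      print "ruleset"
            else if (script)     print "script"
            else                 print "empty"
        }' "$1"
}

# check_fw_var VARNAME FILE -> prints ok | mismatch
# VARNAME is firewall_type (rule set filename) or firewall_script (script to run).
check_fw_var() {
    kind=$(rules_file_kind "$2")
    case "$1:$kind" in
        firewall_type:ruleset|firewall_script:script) echo ok ;;
        *) echo mismatch ;;
    esac
}
```

For the configuration quoted above, `check_fw_var firewall_type /etc/ipfw.rules` prints mismatch when the file consists of `ipfw ...` shell commands.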