Date: Wed, 10 Jun 1998 08:04:50 -0700 From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca> To: Jeff Kletsky <Jeff@wagsky.com> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: rc.firewall and ipfw commands Message-ID: <199806101505.IAA05083@cwsys.cwsent.com> In-Reply-To: Your message of "Sun, 07 Jun 1998 12:54:29 PDT." <l03110701b1a09d2cd1b9@[192.168.6.3]>
In my firewall configurations I modify rc.firewall to recognize a
"user" firewall type (for user defined) and specify
firewall_type="user" in my rc.conf. The "user" firewall type executes
/usr/local/etc/rc.firewall.local instead of one of the predefined
firewall types in rc.firewall. This may be a handy feature in the
stock FreeBSD rc.firewall. If anyone wishes I can submit a PR to have
this included in the FreeBSD distribution.
Regards,                       Phone:     (250)387-8437
Cy Schubert                    Fax:       (250)387-5766
Open Systems Group             Internet:  cschuber@uumail.gov.bc.ca
ITSD                                      Cy.Schubert@gems8.gov.bc.ca
Government of BC
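An added example (not Cy's actual patch and not the stock FreeBSD rc.firewall) sketching the "user" dispatch described above: a case branch that sources a site-local rule file instead of one of the built-in types, and fails loudly when that file is missing. The fwcmd default, the local-file path and the sample rules are assumptions; the sample rc.firewall.local is constructed and written to a temp file so this runs offline.

```shell
# Dry-run by default: "$fwcmd" echoes the ipfw command line instead of executing it.
# Set fwcmd=/sbin/ipfw to apply rules for real.
fwcmd=${fwcmd:-"echo ipfw"}
firewall_local=${firewall_local:-/usr/local/etc/rc.firewall.local}   # assumed path

# Hypothetical helper: dispatch on $1 the way a modified rc.firewall would.
# Returns 0 on success, 1 if firewall_type=user but the local file is unreadable,
# 2 for an unknown type.
apply_firewall_type() {
    case "$1" in
    user)
        # Site-local rules live outside the stock script, so an OS upgrade that
        # renumbers the hard-wired rules does not silently clobber them.
        if [ -r "$firewall_local" ]; then
            . "$firewall_local"
        else
            echo "firewall_type=user but $firewall_local is not readable" >&2
            return 1
        fi
        ;;
    open)
        $fwcmd add 65000 pass all from any to any
        ;;
    *)
        echo "unknown firewall_type: $1" >&2
        return 2
        ;;
    esac
}

# Constructed sample of what rc.firewall.local might contain. It is sourced by sh,
# so each line is an ordinary command and "$fwcmd -f flush" is fine here.
write_sample_local() {
    cat > "$1" <<'EOF'
$fwcmd -f flush
$fwcmd add 100 pass all from any to any via lo0
$fwcmd add 200 deny all from any to 127.0.0.0/8
$fwcmd add 65000 pass all from any to any
EOF
}

# Count the "ipfw add" lines a given firewall_type would issue (dry-run mode only).
count_rules_loaded() {
    apply_firewall_type "$1" | grep -c '^ipfw add '
}
```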
> After building from 2.2.6-STABLE I came across a bit of a puzzle with the
> apparent loss of DNS and a lot of other services on my machine. The
> "problem" is that the rule numbers for the hard-wired rules in rc.firewall
> have been changed:
>
> $fwcmd add 100 pass all from any to any via lo0
> $fwcmd add 200 deny all from any to 127.0.0.0/8
>
> Now, if you are using the supplied named firewall options, you're ok. If
> you are using a file containing commands, or other utilities which modify
> the firewall, you could be in trouble (I happen to use the
> previously-unused rule 100 to monitor what's bringing up dial-on-demand
> ppp, so it is routinely deleted and added as the link changes state).
>
> Short-term fix:
> ---------------
> Leave the rules in place so the named firewall types work.
> Change rc.firewall to read:
>
> $fwcmd -f flush # because "-f flush" fails in a file*
> $fwcmd ${firewall_type}
>
>
> Long-term fix:
> --------------
>
> Convince the powers that be to only add the "standard" rules for the named
> firewall types.
>
>
>
> Jeff
>
> * Including "-f flush" as the first line of the file causes the next ipfw
> command in the sequence to abort execution...
>
>
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
