Date: Fri, 16 Feb 2001 12:26:05 +0200
From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: Wayne Pascoe <wayne.pascoe@realtime.co.uk>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw reading rules from a file
Message-ID: <20010216122605.A77126@rapier.smartspace.co.za>
In-Reply-To: <m3u25v3pgp.fsf@zaphod.realtime.co.uk>; from wayne.pascoe@realtime.co.uk on Fri, Feb 16, 2001 at 10:13:42AM +0000
References: <m3u25v3pgp.fsf@zaphod.realtime.co.uk>

On Fri 2001-02-16 (10:13), Wayne Pascoe wrote:
> I am trying to 'persuade' ipfw to read rules from a file. For the
> moment, I am just using a very simple rule that will allow access from
> the world. Once this works, I will translate the firewall rules that I
> use under ipf to ipfw.
>
> In /etc/rc.conf I have the following section
>
> #
> # Firewall options
> #
> firewall_enable="YES"
> firewall_type="filename"
> firewall_flags="/etc/firewall/ipfw.soften"
> firewall_logging="YES"

Change that to:

firewall_type="/etc/firewall/ipfw.soften"

And remove the firewall_flags line, and it should work.

> I have tried the following for /etc/firewall/ipfw.soften :
>
> -- try 1 --
> /sbin/ipfw allow all from any to any

This won't work.

>
> -- try 2 --
> allow all from any to any
>
> -- try 3 --
> 00100 allow ip from any to any

These should.

> Lastly, does ipfw work on a first match wins basis (like iptables /
> ipchains) or does it work on a last match wins basis (like ipf) ?

First-match.

Neil
--
Neil Blakey-Milner
nbm@mithrandr.moria.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
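
An added example, not part of the message above: a small Python model of the first-match versus last-match question, showing why a rule list written in ipf order gives a different verdict if it is loaded unchanged into a first-match filter, and that reversing the list preserves the verdicts. The rule fields, addresses, the shared "deny" default and all function names are assumptions made for the illustration; ipf's `quick` keyword and stateful rules are not modelled.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form; 0.0.0.0/0 means "any"
    dport: Optional[int]   # None matches every destination port

class Packet(NamedTuple):
    src: str
    dport: int

def matches(rule, pkt):
    in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
    return in_net and rule.dport in (None, pkt.dport)

def first_match(rules, pkt, default="deny"):
    """ipfw-style evaluation: the first rule that matches decides."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default  # assumed default policy

def last_match(rules, pkt, default="deny"):
    """ipf-style evaluation without 'quick': the last rule that matches decides."""
    verdict = default
    for rule in rules:
        if matches(rule, pkt):
            verdict = rule.action
    return verdict

def to_first_match(rules):
    """Reverse a last-match list so first-match evaluation gives the same verdicts."""
    return list(reversed(rules))

# Constructed ruleset in last-match order: general block first, exception after.
IPF_ORDER = [
    Rule("deny", "0.0.0.0/0", None),
    Rule("allow", "192.0.2.0/24", 22),
]
SSH_FROM_ADMIN = Packet("192.0.2.10", 22)   # constructed sample packets
SSH_FROM_WORLD = Packet("203.0.113.5", 22)

if __name__ == "__main__":
    for pkt in (SSH_FROM_ADMIN, SSH_FROM_WORLD):
        print(pkt,
              "| last-match:", last_match(IPF_ORDER, pkt),
              "| first-match, same order:", first_match(IPF_ORDER, pkt),
              "| first-match, reversed:", first_match(to_first_match(IPF_ORDER), pkt))
```

Loaded in the same order, the first-match filter denies the admin SSH packet that the last-match filter allowed; after reversal both agree on every packet.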