From owner-freebsd-questions Fri Feb 21 11:25:44 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DF09437B401 for ; Fri, 21 Feb 2003 11:25:40 -0800 (PST) Received: from mail.bellavista.cz (mail.bellavista.cz [62.168.44.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id B969E43F85 for ; Fri, 21 Feb 2003 11:25:32 -0800 (PST) (envelope-from neuhauser@bellavista.cz) Received: from freepuppy.bellavista.cz (freepuppy.bellavista.cz [10.0.0.10]) by mail.bellavista.cz (Postfix) with ESMTP id 6F337379; Fri, 21 Feb 2003 20:25:24 +0100 (CET) Received: by freepuppy.bellavista.cz (Postfix, from userid 1001) id 9178F2FDB3F; Fri, 21 Feb 2003 20:24:54 +0100 (CET) Date: Fri, 21 Feb 2003 20:24:54 +0100 From: Roman Neuhauser To: Jim Xochellis Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Problems with in the ipf setup in an FreeBSD 4.7 router Message-ID: <20030221192454.GQ329@freepuppy.bellavista.cz> Mail-Followup-To: Jim Xochellis , freebsd-questions@FreeBSD.ORG References: <3E566B12.5DEE5B21@escape.gr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3E566B12.5DEE5B21@escape.gr> User-Agent: Mutt/1.5.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG # dxoch@escape.gr / 2003-02-21 20:08:17 +0200: > I have compiled and installed a new kernel with ipf support and then I > put the following lines inside my rc.conf file: > > ipfilter_enable="YES" > ipfilter_program="/sbin/ipf -Fa -f" > ipfilter_rules="/etc/ipf.rules" > ipfilter_flags="" remove the three lines above, leaving only ipfilter_enable="YES" in rc.conf. > The problem is that, when I boot, ipf does not work. It seems like is > not using the rules. > > If I enter "ipf -Fa -f /etc/ipf.rules" from the command line, then it > starts working as expected. if you look at /etc/rc.network you'll see why: ${ipfilter_program:-/sbin/ipf} -Fa -f \ "${ipfilter_rules}" ${ipfilter_flags} your settings make it: /sbin/ipf -Fa -f -Fa -f /etc/ipf.rules -- If you cc me or remove the list(s) completely I'll most likely ignore your message. see http://www.eyrie.org./~eagle/faqs/questions.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message