From: Eric F Crist
To: Chuck Swiger
Cc: freebsd-questions@freebsd.org
Date: Fri, 30 Jan 2004 19:47:47 -0600
Subject: Re: where am I supposed to put my rc.firewall?

On Friday 30 January 2004 06:54 pm, Chuck Swiger wrote:
> Eric F Crist wrote:
> > I'm trying to add IPFW support.  Where do I put my rc.firewall so that it
> > gets read at boot time?  I've tried /usr/local/etc/rc.d and /etc but
> > neither seems to get read.
>
> Specify the location of your firewall script in /etc/rc.conf like so:
>
> firewall_enable='YES'
> firewall_type='/etc/ERICS_firewall'
> firewall_flags='-p /usr/bin/cpp'
>
> [ You might choose to use some other preprocessor... ]

Well, here's what I have now.  I have a file in /etc called grog.firewall.
Its contents are:

grog# more grog.firewall
ipfw -f flush
ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
ipfw add 600 allow all from any to any

In my /etc/rc.conf file, I have the following two entries pertaining to the
firewall:

firewall_enable="YES"
firewall_type="/etc/grog.firewall"

Now, this is a headless system, so I access it through the serial port.  I
don't see any errors anywhere, but my ipfw show command, immediately after
boot, shows:

65535  481  38684 deny ip from any to any

What have I done wrong?

-- 
Eric F Crist
AdTech Integrated Systems, Inc
(612) 998-3588
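
The lint below is an added example, not part of Eric's or Chuck's message. It assumes, per ipfw(8), that a pathname handed to ipfw is read line by line with each line applied as ipfw's own arguments, and it checks a file meant for firewall_type for lines that start with the word "ipfw"; the function names and temporary paths are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original post): lint a file named in
# firewall_type before rebooting a headless box.
# Assumption: ipfw, given a pathname, applies each line as its own
# arguments, so a line must not begin with the word "ipfw".

# Print "N: line" for each line whose first word is "ipfw".
# Returns 0 if clean, 1 if such lines exist, 2 if the file is unreadable.
lint_rulefile() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*(#.*)?$/ { next }      # skip blank lines and comments
        $1 == "ipfw" { printf "%d: %s\n", NR, $0; bad = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Emit the same rules in rule-file form (leading "ipfw" word removed).
to_rulefile() {
    awk '{ sub(/^[ \t]*ipfw[ \t]+/, ""); print }' "$1"
}

# Constructed sample: the shell-style lines shown in the post.
sample_shell_style() {
    cat <<'EOF'
ipfw -f flush
ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
ipfw add 600 allow all from any to any
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    sample_shell_style > "$tmp/shell.rules"
    echo "lines starting with the word ipfw:"
    lint_rulefile "$tmp/shell.rules" || true
    to_rulefile "$tmp/shell.rules" > "$tmp/file.rules"
    echo "rule-file form:"; cat "$tmp/file.rules"
    lint_rulefile "$tmp/file.rules" && echo "clean"
    rm -rf "$tmp"
}
demo
```

Running the lint against the real file before a reboot matters on a serial-console machine, because a ruleset that fails to load leaves only the default rule 65535 in place.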