From: Nicholas Henry
To: freebsd-questions@freebsd.org
Date: Sat, 7 May 2005 12:59:22 -0400
Subject: firewall_enabled: not found mail message (was IPFW custom rules file not loading)
In-Reply-To: <20050503205915.GA16309@gothmog.gr>

Thank you for your help - I misunderstood the firewall_script and
firewall_type. Everything works well now.

Just one annoying problem.
I continually get a mail msg regarding firewall_enabled not found:

From operator@example.domain.ca Sat May 7 12:44:00 2005
Date: Sat, 7 May 2005 12:44:00 -0400 (EDT)
From: operator@example.domain.ca (Cron Daemon)
To: operator@example.domain.ca
Subject: Cron /usr/libexec/save-entropy

firewall_enable: not found

Can anyone tell me how to resolve this issue?

Thanks again,
Nicholas

On 5/3/05, Giorgos Keramidas wrote:
> On 2005-05-03 15:18, Nicholas Henry wrote:
> > May 3 14:25:22 babe kernel: firewall_enable: not found
> > May 3 14:25:22 babe kernel: ipfw2 initialized, divert disabled, rule-based forwarding dis$
> > May 3 14:25:22 babe kernel: Flushed all rules.
> > May 3 14:25:22 babe kernel: Line 3:
> > May 3 14:25:22 babe kernel: bad command `ipfw'
> > May 3 14:25:22 babe kernel:
> > May 3 14:25:22 babe kernel: Firewall rules loaded, starting divert daemons:
> > May 3 14:25:22 babe kernel: firewall_enable: not found
> > May 3 14:25:22 babe kernel: .
> > May 3 14:25:22 babe kernel: net.inet.ip.fw.enable:
> > May 3 14:25:22 babe kernel: 1
> > May 3 14:25:22 babe kernel: ->
> > May 3 14:25:22 babe kernel: 1
> >
> > I'm referring to the "bad command 'ipfw'" line. I'm also concerned
> > about the "firewall_enable" not found message.
>
> It's normal. You're using firewall_type and yet you have written a
> firewall _script_ in /etc/ipfw.rules.
>
> > ** start rc.conf snippet **
> > firewall_enable="YES"
> > firewall_script="/etc/rc.firewall"
> > firewall_type="/etc/ipfw.rules"
> > firewall_quiet="NO"
> > firewall_logging="NO"
> > firewall_flags=""
> > ** send rc.conf snippet **
>
> Your firewall_type points to a pathname, so the file should contain
> rules in the form:
>
>     check-state
>     add allow tcp from any to any 80 keep-state
>     add block ip from any to any
>
> > ** start ipfw.rules **
> >
> > #!/bin/sh
> > # Flush out the list before we begin.
> > ipfw -q -f flush
> >
> > # Set rules command prefix
> > cmd="ipfw -q add"
> > skip="skipto 801"
> > pif="fxp0" #found by doing a ifconfig or netstat -nr
> > # public interface name of NIC
>
> Your ipfw.rules file is written in the form of a firewall_script.
> The difference between the two is small but important.
>
> A firewall_type file contains just a set of rules that ipfw(8) will
> parse, without intervention by a shell.
>
> A firewall_script is executed by the /bin/sh shell, as a normal shell
> script. One example of what can be used as a firewall_script is
> /etc/rc.firewall (in pre-5.X versions) or /etc/rc.d/ipfw (in FreeBSD
> 5.X or later).
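
Added example, not part of the original thread: a small /bin/sh check for the mix-up described above, where a file written as a firewall_script is handed to ipfw(8) through firewall_type. The helper names and both sample files are assumptions made for this example; only the first three lines of script_form come from the quoted ipfw.rules.

```shell
#!/bin/sh
# Added example, not from the thread: find shell syntax in a firewall_type file.

# is_assignment WORD: true when WORD has the shape of a shell NAME=value.
is_assignment() {
    case $1 in *=*) ;; *) return 1 ;; esac
    name=${1%%=*}
    case $name in ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;; esac
}

# lint_firewall_type FILE (hypothetical helper)
# Prints "LINE: reason" for each shell-only line; returns 1 if any was found.
lint_firewall_type() {
    n=0 rc=0
    while read -r first rest || [ -n "$first" ]; do
        n=$((n + 1))
        case $first in
            ''|'#'*) continue ;;                 # blank line or comment
            ipfw) why='leading "ipfw" command name' ;;
            *) if is_assignment "$first"; then
                   why='shell variable assignment'
               else
                   case "$first $rest" in
                       *'$'*) why='shell variable expansion' ;;
                       *) continue ;;
                   esac
               fi ;;
        esac
        echo "$n: $why"
        rc=1
    done < "$1"
    return "$rc"
}

# Constructed samples; only the first three lines of script_form are quoted.
make_samples() {
    cat > "$1/script_form" <<'EOF'
#!/bin/sh
# Flush out the list before we begin.
ipfw -q -f flush
cmd="ipfw -q add"
$cmd 100 allow ip from any to any via lo0
EOF
    cat > "$1/rules_form" <<'EOF'
add 200 check-state
add 300 allow tcp from any to any 80 keep-state
add 65000 deny ip from any to any
EOF
}
```

On the script-form sample the first hit is line 3, the same line the "bad command `ipfw'" log entry points at.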