Date: Thu, 11 Jun 1998 14:25:16 -0700
From: Jeff Kletsky <Jeff@Wagsky.com>
To: durkin <durkin@matter.net>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: rc.firewall and ipfw commands
Message-ID: <l03110702b1a5fa6dc4fb@[192.168.6.3]>
In-Reply-To: <Pine.BSF.3.96.980611163509.16460A-100000@gigantor.matter.net>
References: <199806101505.IAA05083@cwsys.cwsent.com>

>On Wed, 10 Jun 1998, Cy Schubert - ITSD Open Systems Group wrote:
>
>> In my firewall configurations I modify rc.firewall to recognize a
>> "user" firewall type (for user defined) and specify
>> firewall_type="user" in my rc.conf. The "user" firewall type executes
>> /usr/local/etc/rc.firewall.local instead of one of the predefined
>> firewall types in rc.firewall. This may be a handy feature in the
>> stock FreeBSD rc.firewall. If anyone wishes I can submit a PR to have
>> this included in the FreeBSD distribution.
>>
>
>Actually, FreeBSD's rc.firewall already has the ability to load ipfw
>commands contained within a file. Just specify the firewall type as the
>filename which contains the commands.

Unfortunately, ipfw does not appear to allow a file of the form:

    -f flush
    add 1 count log tcp from any to any setup recv tun0 in
    .
    .
    .

to permit reliable removal of the rules introduced by rc.firewall *before*
the call for the "unknown" firewall is made:

    elif [ "${firewall_type}" != "UNKNOWN" -a -r "${firewall_type}" ]; then
        $fwcmd ${firewall_type}
    fi

Mr. Schubert's approach allows greater flexibility and reliability for this
critical function -- independent of changes in the distribution version of
rc.firewall.

Jeff

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
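
The "user" firewall type discussed in this message, sketched as an added example; it is not code from the FreeBSD rc.firewall or from either poster. The function names load_firewall and write_sample_local are hypothetical, sourcing the local script with "." is an assumption, and the script path is the one named in the quoted text.

```sh
# Added illustration. fwcmd defaults to the real ipfw binary;
# set fwcmd="echo ipfw" beforehand for a dry run that only prints commands.
fwcmd="${fwcmd:-/sbin/ipfw}"

# Hypothetical dispatcher modelled on the two cases in the thread:
#   "user"         -> run a local shell script, which may flush first
#   readable file  -> hand the file name to ipfw (the quoted elif branch)
load_firewall() {
    firewall_type="$1"
    local_script="${2:-/usr/local/etc/rc.firewall.local}"

    if [ "${firewall_type}" = "user" ]; then
        if [ -r "${local_script}" ]; then
            # Sourced so the script sees $fwcmd and controls rule order itself.
            . "${local_script}"
        else
            echo "rc.firewall: cannot read ${local_script}" >&2
            return 1
        fi
    elif [ "${firewall_type}" != "UNKNOWN" ] && [ -r "${firewall_type}" ]; then
        $fwcmd "${firewall_type}"
    else
        return 1
    fi
}

# Writes a constructed sample local script to the path given as $1.
# Because it is shell rather than an ipfw rule file, the flush is an
# ordinary command that runs before any rule is added.
write_sample_local() {
    cat > "$1" <<'EOF'
$fwcmd -f flush
$fwcmd add 1 count log tcp from any to any setup recv tun0 in
EOF
}
```

With fwcmd="echo ipfw" the dispatcher prints the commands in the order they would run, so the flush-then-add sequence can be checked before the script is trusted on a live host.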