From owner-freebsd-questions  Tue Feb 18 15:49:43 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 565B337B401
	for <freebsd-questions@FreeBSD.ORG>; Tue, 18 Feb 2003 15:49:42 -0800 (PST)
Received: from mx.seanet.com (mx.seanet.com [199.181.164.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4ECD643FA3
	for <freebsd-questions@FreeBSD.ORG>; Tue, 18 Feb 2003 15:49:41 -0800 (PST)
	(envelope-from jason@seanet.com)
Received: from seanet.com (axis.seanet.com [199.181.168.61] (may be forged))
	by mx.seanet.com (8.11.6/8.11.6) with ESMTP id h1INnef08798
	for <freebsd-questions@FreeBSD.ORG>; Tue, 18 Feb 2003 15:49:40 -0800 (PST)
Date: Tue, 18 Feb 2003 15:49:40 -0800
Mime-Version: 1.0 (Apple Message framework v551)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Subject: IPFW: rc.firewall script doesn't load when loading rules from a file
From: Jason Williams <jason@seanet.com>
To: freebsd-questions@FreeBSD.ORG
Content-Transfer-Encoding: 7bit
Message-Id: <A588EF8C-439B-11D7-8842-00306555B1FA@seanet.com>
X-Mailer: Apple Mail (2.551)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

I'm using FBSD 4.7 and have compiled ipfw into the kernel. My rc.conf 
file has the following:

firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.rules"
firewall_quiet="NO"
firewall_logging_enable="YES"
log_in_vain="YES"
icmp_drop_redirect="YES"

On reboot, ipfw is not reading rc.firewall before loading my rules - 
/etc/ipfw.rules - as I've assumed it would. I thought I could let 
rc.firewall take care of housekeeping ( flush and loopback rules ) 
before moving on to the the custom rules in ipfw.rules. Am I missing 
something here or is it normal to bypass rc.firewall altogether and set 
up a rules file with everything needed in there? All the tutorials seem 
to suggest that ipfw reads rc.firewall first before moving onto custom 
rules files, but that has not been my experience here. Thanks for your 
help

Jason Williams
jason@seanet.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message