Date: Wed, 19 Feb 2003 02:41:16 +0200
From: Giorgos Keramidas
To: Jason Williams
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW: rc.firewall script doesn't load when loading rules from a file
Message-ID: <20030219004116.GA566@gothmog.gr>

On 2003-02-18 15:49, Jason Williams wrote:
> I'm using FBSD 4.7 and have compiled ipfw into the kernel.  My
> rc.conf file has the following:
>
>   firewall_enable="YES"
>   firewall_script="/etc/rc.firewall"
>   firewall_type="/etc/ipfw.rules"
>   firewall_quiet="NO"
>   firewall_logging_enable="YES"
>   log_in_vain="YES"
>   icmp_drop_redirect="YES"
>
> On reboot, ipfw is not reading rc.firewall before loading my rules -
> /etc/ipfw.rules - as I've assumed it would.  I thought I could let
> rc.firewall take care of housekeeping ( flush and loopback rules )
> before moving on to the custom rules in ipfw.rules.  Am I missing
> something here or is it normal to bypass rc.firewall altogether and
> set up a rules file with everything needed in there?

When you set firewall_type="/etc/ipfw.rules" in your rc.conf, only the
following commands are run by rc.firewall:

	ipfw -f flush
	ipfw /etc/ipfw.rules

That's all.  If you want the rules to have similar behavior to some of
the rules listed for open/closed/client/simple, you'll have to copy
the appropriate rules from rc.firewall into your /etc/ipfw.rules file.

Giorgos
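
A pre-reboot check for a file used as firewall_type, added here as an example and not part of the original message: it flags lines that are still shell syntax (ipfw reads the file itself, so a `${fwcmd}` prefix copied from rc.firewall is not expanded) and reports which loopback rules are absent. The function names, both sample files, and the three loopback rules (taken to be the stock rc.firewall ones) are assumptions.

```shell
# Added example. Assumed: the three loopback rules match stock rc.firewall.
# Constructed sample: rules pasted from rc.firewall without conversion.
sample_bad() {
cat <<'EOF'
# copied straight from rc.firewall
${fwcmd} add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8
add 65000 pass all from any to any
EOF
}

# Constructed sample: a rules file that carries its own housekeeping rules.
sample_good() {
cat <<'EOF'
add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 65000 allow ip from any to any
EOF
}

# lint_rules: read a rules file on stdin, print findings, and return
# non-zero if a line is shell syntax or a loopback rule is missing.
lint_rules() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    index($0, "$") || $1 == "ipfw" {        # ipfw does not expand shell syntax
        printf "line %d: not a plain ipfw command: %s\n", NR, $0; bad++; next
    }
    {
        line = $0
        gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
        sub(/^add ([0-9]+ )?/, "", line)              # drop "add [number]"
        sub(/^(pass|permit|accept) /, "allow ", line) # action synonyms
        sub(/^allow all /, "allow ip ", line)         # "all" means "ip"
        sub(/^deny all /, "deny ip ", line)
        seen[line] = 1
    }
    END {
        need[1] = "allow ip from any to any via lo0"
        need[2] = "deny ip from any to 127.0.0.0/8"
        need[3] = "deny ip from 127.0.0.0/8 to any"
        for (i = 1; i <= 3; i++)
            if (!(need[i] in seen)) { printf "missing: %s\n", need[i]; bad++ }
        exit (bad > 0)
    }'
}
sample_bad | lint_rules || true   # demo run on the constructed bad sample
```

To check a real file, run `lint_rules < /etc/ipfw.rules` after sourcing the functions; a zero exit status means every line is a plain ipfw command and all three loopback rules are present.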