Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 8 Feb 2000 04:03:03 +0200
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        Chip Wiegand <chip@wiegand.org>
Cc:        questions@freebsd.org
Subject:   Re: rc.firewall problem
Message-ID:  <20000208040302.B10648@hades.hell.gr>
In-Reply-To: <389D1F1A.294E659E@wiegand.org>; from chip@wiegand.org on Sat, Feb 05, 2000 at 11:13:30PM -0800
References:  <389D1F1A.294E659E@wiegand.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sat, Feb 05, 2000 at 11:13:30PM -0800, Chip Wiegand wrote:
>
> I set up ipfirewall exactly as specified in The complete FreeBSD 3.3
> book for the 'simple' firewall profile. First problem was when I
> rebooted I got a message about a line in the rc.firewall that wasn't
> recognized - it didn't like ' elif [..... etc]; then ' (page 504),
> and I got prompt that the system couldn't find the path to the shell,
> I had to enter it or hit enter. I did.
>
> Then edited rc.firewall ...
[snip]

You're not supposed to edit or modify in any way rc.firewall, well, at
least most of the time.  Let's see how you can start fixing things...

For a starters, restore your /etc/rc.firewall by copying over it the
original from /usr/src/etc/rc.firewall.  This will get your rc.firewall
script in it's original shape, and you'll be able to set the thing up
properly.

Then, you need to copy the following lines of /etc/defaults/rc.conf into
your /etc/rc.conf file:

    firewall_enable="NO"
    firewall_type="UNKNOWN"

to enable the ipfw firewall at boot time, change these lines to look
like the following [make the changes ONLY in /etc/rc.conf]:

    firewall_enable="YES"
    firewall_type="simple"

Optionally, you might want to set firewall_quiet to YES, to disable the
printing of the actual firewall rules.  Do this by adding the following
line to your /etc/rc.conf:

    firewall_quiet="YES"

For more information on writing your own rule-set, and a few really
basic examples of using ipfw, you can always take a look at:

    <http://students.ceid.upatras.gr/~keramida/freebsd/ipfw.html>;
 OR <http://students.ceid.upatras.gr/~keramida/freebsd/ipfw-closed.html>;

Ciao.

-- 
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
For my public PGP key: finger keramida@diogenis.ceid.upatras.gr
PGP fingerprint, phone and address in the headers of this message.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000208040302.B10648>