Date:      Thu, 13 Dec 2007 12:39:44 -0600
From:      "W. D." <WD@US-Webmasters.com>
To:        Gary Palmer <info@plot.uz>
Cc:        freebsd-security@freebsd.org
Subject:   Re: IPFW compiled in kernel:  Where is it reading the config?
Message-ID:  <20071213183957.B348013C469@mx1.freebsd.org>
In-Reply-To: <20071213110009.GB986@in-addr.com>
References:  <20071213081155.ABBC813C4D5@mx1.freebsd.org> <20071213110009.GB986@in-addr.com>

At 05:00 12/13/2007, Gary Palmer wrote:
>
>> The config file location that I specify in rc.conf doesn't
>> appear to be being used:
>>
>>    firewall_script="/usr/local/etc/ipfw.rules"
>
>You require
>
>firewall_enable="YES"
>
>in /etc/rc.conf for the rules to be looked at
>
>Also, firewall_script may be the wrong configuration parameter to use.
>firewall_script is expected to be a shell script to configure the
>firewall.  If you just want a file of rules, set firewall_type instead.
>e.g.
>
>firewall_type="/etc/rc.firewall.rules"
>firewall_enable="YES"
>
>and then put your rules one line at a time into the specified file.  i.e.
>
>add allow ip from any to any via lo0
>(etc)
>
>ipfw is a kernel module.  It will not show up in "ps aux".  If
>"ipfw list" does not come back with an error message, then it
>is likely running.  You can check for the ipfw module using
>
>kldstat
>
>(assuming you did not compile ipfw into a custom kernel)
>
>To check the syntax of a list of rules (note: not a shell script) then
>you can use
>
>ipfw -n /path/to/rules/file
>
>From the man page
>
>     -n      Only check syntax of the command strings, without actually
>             passing them to the kernel.
>
>Regards,
>
>Gary

Thanks, Gary!  This is much of what I was looking for.

Start Here to Find It Fast!™ -> http://www.US-Webmasters.com/best-start-page/
$8.77 Domain Names -> http://domains.us-webmasters.com/
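
An added example, not part of the original thread: a small POSIX shell audit of the rc.conf settings discussed above (firewall_enable, firewall_script versus firewall_type, and the `ipfw -n` syntax check). The function names and the sample files are hypothetical, and the test for "file of rules versus shell script" is a heuristic assumption.

```shell
#!/bin/sh
# Added example: audits the rc.conf settings discussed in this thread.
# Function names are hypothetical; sample files are constructed.

# Print the last value assigned to variable $2 in rc.conf-style file $1.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\)[\"']\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Heuristic (assumption): a bare rules list has lines starting with "add";
# a shell script would call "ipfw add ..." instead.
looks_like_rules() {
    grep -q '^[[:space:]]*add[[:space:]]' "$1"
}

# Report each problem on stdout; return 0 only if none were found.
check_ipfw_rc() {
    rc=$1; status=0
    enable=$(rc_get "$rc" firewall_enable)
    script=$(rc_get "$rc" firewall_script)
    fwtype=$(rc_get "$rc" firewall_type)
    case $enable in
        [Yy][Ee][Ss]) ;;
        *) echo "firewall_enable is not YES: the rules will not be looked at"; status=1 ;;
    esac
    if [ -n "$script" ] && [ -r "$script" ] && looks_like_rules "$script"; then
        echo "firewall_script=$script holds bare rules; set firewall_type to it instead"
        status=1
    fi
    case $fwtype in
        /*) # firewall_type names a rules file: it must exist and parse
            if [ ! -r "$fwtype" ]; then
                echo "firewall_type file $fwtype is not readable"; status=1
            elif command -v ipfw >/dev/null 2>&1 && ! ipfw -n "$fwtype" >/dev/null 2>&1; then
                echo "ipfw -n rejected $fwtype"; status=1
            fi ;;
    esac
    return $status
}

# Constructed sample: a rules list passed as firewall_script,
# with no firewall_enable line.
make_sample() {
    printf 'add allow ip from any to any via lo0\n' > "$1/ipfw.rules"
    printf 'firewall_script="%s/ipfw.rules"\n' "$1" > "$1/rc.conf"
}

demo=$(mktemp -d) && make_sample "$demo" && check_ipfw_rc "$demo/rc.conf" || true
rm -rf "$demo"
```

On a real host, call `check_ipfw_rc /etc/rc.conf`; the `ipfw -n` step runs only where the ipfw binary is installed.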



