From: "The Admiral"
To: freebsd-ipfw@freebsd.org
Date: Thu, 1 Feb 2007 19:11:23 -0500
Subject: Re: rc.firewall script not running at system boot

Hi
Dewayne, thanks for the response, although I tried enclosing the YES option in quotes but it didn't make a difference.

Mike

On 2/1/07, Dewayne Geraghty wrote:
>
> Put quotes around gateway_enable="YES"
> Regards, Dewayne.
>
> -----Original Message-----
> From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org]
> On Behalf Of The Admiral
> Sent: Friday, 2 February 2007 8:04 AM
> To: freebsd-ipfw@freebsd.org
> Subject: rc.firewall script not running at system boot
>
> We had a power outage last night and I arrived at work today to find that
> one of our machines no longer has network access (one of the few machines
> not on a battery backup unit). I checked to see what firewall rules were
> enabled and the only one that was active was to deny all. It seems as
> though my rc.firewall script wasn't run automatically when the system
> booted. I rebooted to double check and sure enough the only rule enabled
> was the deny all rule. My rc.conf file has the following:
>
> ---------------------------------------------------------------
> hostname="dev"
>
> ifconfig_em0="inet 192.168.1.120 netmask 255.255.255.0"
> ifconfig_vr0="inet 224.87.34.72 netmask 255.255.255.248" #real IP hidden on purpose
>
> defaultrouter="224.87.34.71"
>
> gateway_enable=YES
> firewall_enable="YES" # Set to YES to enable firewall functionality
> firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
> firewall_type="client" # Firewall type (see /etc/rc.firewall)
>
> ---------------------------------------------------------------
>
> My kernel configuration file has the following:
>
> ---------------------------------------------------------------
>
> options IPFIREWALL # required to use ipfw
> options IPFIREWALL_FORWARD
> options IPDIVERT # required for natd
> options IPFIREWALL_VERBOSE # Enables logging of packets that pass through IPFW and have the 'log' keyword specified in the rule set.
>
> ---------------------------------------------------------------
>
> When I run the rc.firewall script directly (sudo /etc/rc.firewall client)
> all my rulesets are enabled as they should, however, the rc.firewall file
> isn't being executed at system boot, which I'd like to resolve, since it
> means that the machine will be inaccessible if the machine is rebooted for
> whatever reason, and no one is there to manually execute the firewall
> script from the console. The strange thing is, the last time I manually
> rebooted the machine, the script was executed without a problem. The
> machine hasn't been rebooted for a while though, and a lot of the software
> has been updated in the meantime, so I'm thinking that may be the cause,
> but I'm still unsure how to go about fixing this. Any help is greatly
> appreciated, thanks.
>
> Mike
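
Added example, not part of the thread: rc.conf is sourced by /bin/sh and its boolean knobs are tested by rc.subr's checkyesno, so one way to check the settings quoted above is to evaluate the file the same way and confirm that the firewall variables resolve. The function names and the sample file are constructed for illustration; the sample's firewall_script points at a stand-in file rather than /etc/rc.firewall.

```shell
#!/bin/sh
# Added example: inspect rc.conf firewall knobs as sh and rc.subr evaluate them.

# Value a variable has after the file is sourced by sh (empty if unset or unparsable).
rc_value() {  # usage: rc_value FILE VAR
    ( . "$1" >/dev/null 2>&1 || exit 2; eval "printf '%s' \"\${$2-}\"" )
}

# Same truth table as rc.subr's checkyesno: 0 = on, 1 = off, 2 = unset or invalid.
rc_yesno() {  # usage: rc_yesno FILE VAR
    case "$(rc_value "$1" "$2")" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) return 1 ;;
        *) return 2 ;;
    esac
}

# Print one line per problem; the return status is the number of problems found.
check_firewall_conf() {  # usage: check_firewall_conf FILE
    conf=$1; problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    sh -n "$conf" 2>/dev/null || fail "$conf does not parse as sh"
    rc_yesno "$conf" firewall_enable || fail "firewall_enable is not YES"
    script=$(rc_value "$conf" firewall_script)
    [ -r "$script" ] || fail "firewall_script '$script' is not readable"
    [ -n "$(rc_value "$conf" firewall_type)" ] || fail "firewall_type is empty"
    return "$problems"
}

# Constructed sample based on the rc.conf in the post; firewall_script points at
# a stand-in file so the check also runs on a machine without /etc/rc.firewall.
write_sample_conf() {  # usage: write_sample_conf DIR GATEWAY_LINE
    : > "$1/rc.firewall"
    cat > "$1/rc.conf" <<EOF
hostname="dev"
$2
firewall_enable="YES"
firewall_script="$1/rc.firewall"
firewall_type="client"
EOF
}

demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir" 'gateway_enable=YES'
check_firewall_conf "$demo_dir/rc.conf" && echo "rc.conf firewall settings look sane"
rm -rf "$demo_dir"
```

The quoted and unquoted forms of gateway_enable evaluate identically here, because sh assigns the same string in both cases. On a real host the check would be run as `check_firewall_conf /etc/rc.conf`.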