Date: Thu, 1 Feb 2007 19:11:23 -0500
From: "The Admiral" <xxadmiralxx@gmail.com>
To: freebsd-ipfw@freebsd.org
Subject: Re: rc.firewall script not running at system boot
Message-ID: <66f7e7af0702011611v155a3c2h6a26152d7faf9796@mail.gmail.com>
In-Reply-To: <002401c74657$6b169690$0205000a@white>
References: <66f7e7af0702011304m61385124r5876e0af3d767a55@mail.gmail.com> <002401c74657$6b169690$0205000a@white>

Hi Dewayne, thanks for the response, although I tried enclosing the YES
option in quotes but it didn't make a difference.

Mike

On 2/1/07, Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au> wrote:
>
> Put quotes around gateway_enable="YES"
> Regards, Dewayne.
>
> -----Original Message-----
> From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org]
> On Behalf Of The Admiral
> Sent: Friday, 2 February 2007 8:04 AM
> To: freebsd-ipfw@freebsd.org
> Subject: rc.firewall script not running at system boot
>
> We had a power outage last night and I arrived at work today to find that
> one of our machines no longer has network access (one of the few machines
> not on a battery backup unit). I checked to see what firewall rules were
> enabled and the only one that was active was to deny all. It seems as
> though my rc.firewall script wasn't run automatically when the system
> booted. I rebooted to double check and sure enough the only rule enabled
> was the deny all rule. My rc.conf file has the following:
>
> ---------------------------------------------------------------
> hostname="dev"
>
> ifconfig_em0="inet 192.168.1.120 netmask 255.255.255.0"
> ifconfig_vr0="inet 224.87.34.72 netmask 255.255.255.248" #real IP hidden on purpose
>
> defaultrouter="224.87.34.71"
>
> gateway_enable=YES
> firewall_enable="YES" # Set to YES to enable firewall functionality
> firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
> firewall_type="client" # Firewall type (see /etc/rc.firewall)
>
> ---------------------------------------------------------------
>
> my kernel configuration file has the following:
>
> ---------------------------------------------------------------
>
> options IPFIREWALL # required to use ipfw
> options IPFIREWALL_FORWARD
> options IPDIVERT # required for natd
> options IPFIREWALL_VERBOSE # Enables logging of packets that pass through IPFW and have the 'log' keyword specified in the rule set.
>
> ---------------------------------------------------------------
>
> When I run the rc.firewall script directly (sudo /etc/rc.firewall client)
> all my rulesets are enabled as they should, however, the rc.firewall file
> isn't being executed at system boot, which I'd like to resolve, since it
> means that the machine will be inaccessible if the machine is rebooted for
> whatever reason, and no one is there to manually execute the firewall
> script from the console. The strange thing is, the last time I manually
> rebooted the machine, the script was executed without a problem. The
> machine hasn't been rebooted for a while though, and a lot of the software
> has been updated in the meantime, so I'm thinking that may be the cause,
> but I'm still unsure how to go about fixing this. Any help is greatly
> appreciated, thanks.
>
> Mike
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>