Date: Mon, 15 Nov 2010 09:44:56 +0100 (CET)
From: Wojciech Puchar <wojtek@tensor.gdynia.pl>
To: Grant Peel <gpeel@thenetnow.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW at startup.
Message-ID: <alpine.BSF.2.00.1011150944410.33955@tensor.gdynia.pl>
In-Reply-To: <F0EC6A6EA8D7458ABBA85A01BA2EE4EE@GRANTLAPTOP>
References: <F0EC6A6EA8D7458ABBA85A01BA2EE4EE@GRANTLAPTOP>
simply edit /etc/rc.d/ipfw and make it do only what you want.

On Sun, 14 Nov 2010, Grant Peel wrote:

> Hi all,
>
> I seem to have one server that does not flush the /etc/rc.firewall rules when
> the script taken from "firewall_type" starts up. That is to say, when I boot
> the machine, 3 rules seem to be still in the list when I do an ipfw -a list.
> Those three rules appear to be from the /etc/rc.firewall script. The rules
> from my /etc/ipfw.rules file DO get loaded.
>
> Here are the three rules (100, 200, and 300), from /etc/rc.firewall.
>
> setup_loopback () {
> ############
> # Only in rare cases do you want to change these rules
> #
> ${fwcmd} add 100 pass all from any to any via lo0
> ${fwcmd} add 200 deny all from any to 127.0.0.0/8
> ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
>
> Here is my /etc/rc.conf setup:
>
> firewall_enable="YES"
> firewall_logging="YES"
> firewall_type="/etc/ipfw.rules"
>
> Here is my /etc/ipfw.rules:
>
> enterprise# more /etc/ipfw.rules
> # Loopback
> add 00001 allow ip from any to any via lo0
> # Office and Home
> add 00200 allow ip from xxx xxx xxx xxx xxx to any
> add 00201 allow ip from any to xxx xxx xxx xxx
> add 00202 allow all from xxx xxx xxx xxx to any
> add 00203 allow all from any to xxx xxx xxx xxx
> # Allow fxp0 out
> add 00204 allow all from any to any out
> # Allow local net
> add 02000 allow ip from any to any via fxp1
> # email
> add 04000 allow all from xxx xxx xxx xxx to any
> add 04010 allow all from any to xxx xxx xxx xxx
> add 04020 allow all from xxx xxx xxx xxx to any
> add 04030 allow all from any to xxx xxx xxx xxx
> add 04040 allow tcp from any to any 25,587
> add 04050 allow tcp from any 25,587 to any
> # Bruteblock
> add 08000 deny ip from table(1) to me
> add 08001 deny ip from me to table(1)
> add 09050 allow udp from any to any 53 in
> # Email Test
> add 09100 allow icmp from any to any icmptypes 0,3,4,5,8,9,10,11,12,13,14,15,16,17,18
> add 65535 deny ip from any to any
>
> Oddly enough, I have several machines that are set up identically and this is the
> only one that has sticky rules from /etc/rc.firewall.
>
> Anyone have any idea what knob might have been turned that causes the sticky
> startup rules?
>
> -Grant
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
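An added example, not code from either poster: a POSIX sh script that compares the rule numbers in a saved `ipfw list` dump against the "add NNNNN" lines of the firewall_type file, so that rules which arrived from somewhere else (here the 100/200/300 loopback rules from /etc/rc.firewall) stand out. The rules file and list output below are constructed samples trimmed from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report rule numbers present in an
# `ipfw list` dump but absent from the firewall_type rules file, i.e. rules
# installed by something other than that file (e.g. rc.firewall's setup_loopback).

# Rule numbers declared by "add NNNNN ..." lines in a rules file, zero-padded
# to five digits so that "1" and "00001" compare equal.
rules_in_file() {
    awk '$1 == "add" && $2 ~ /^[0-9]+$/ { printf "%05d\n", $2 }' "$1" | sort -u
}

# Rule numbers in saved `ipfw list` (or `ipfw -a list`) output; the first
# field is the rule number. 65535 is the built-in default rule and is always
# present, so it is not counted as a loaded rule.
rules_in_list() {
    awk '$1 ~ /^[0-9]+$/ && $1 != 65535 { printf "%05d\n", $1 }' "$1" | sort -u
}

# Print, space-separated, the rule numbers that are live but not in the file.
stray_rules() {
    tmp_f=$(mktemp) && tmp_l=$(mktemp) || return 1
    rules_in_file "$1" > "$tmp_f"
    rules_in_list "$2" > "$tmp_l"
    comm -13 "$tmp_f" "$tmp_l" | awk '{ printf "%s%s", (NR > 1 ? " " : ""), $0 } END { print "" }'
    rm -f "$tmp_f" "$tmp_l"
}

# Constructed sample input modelled on the thread: a trimmed rules file and a
# list dump that still carries 100/200/300 from /etc/rc.firewall.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/ipfw.rules" <<'EOF'
# Loopback
add 00001 allow ip from any to any via lo0
add 00204 allow all from any to any out
add 09050 allow udp from any to any 53 in
add 65535 deny ip from any to any
EOF
cat > "$SAMPLE_DIR/ipfw.list" <<'EOF'
00001 allow ip from any to any via lo0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00204 allow ip from any to any out
09050 allow udp from any to any 53 in
65535 deny ip from any to any
EOF
# On a live box: ipfw list > /tmp/ipfw.list; stray_rules /etc/ipfw.rules /tmp/ipfw.list
stray_rules "$SAMPLE_DIR/ipfw.rules" "$SAMPLE_DIR/ipfw.list"   # → 00100 00200 00300
```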