Date: Thu, 12 Jan 2006 13:58:09 -0600
From: Martin McCormick <martin@dc.cis.okstate.edu>
To: freebsd-questions@freebsd.org
Subject: Re: Strange Failure Mode in FreeBSD 4.11
Message-ID: <200601121958.k0CJw9hn091722@dc.cis.okstate.edu>

I now realize that what actually happened here is an incorrect setup on my part of ipfw. I actually had a similar problem on another system last Summer, thought I had figured it all out, and have a time bomb waiting if that system happens to reboot since it is set up the same way. :-)

In the rc.conf.local, I have:

    firewall_enable="YES"           # Set to YES to enable firewall functionality
    firewall_script="/etc/rc.firewall"
    firewall_type="OPEN"            # Firewall type (see /etc/rc.firewall)
    firewall_quiet="NO"             # Set to YES to suppress rule display
    firewall_logging="YES"          # Set to YES to enable events logging
    firewall_flags=""               # Flags passed to ipfw when type is a file

That makes ipfw load the rules in rc.firewall just fine. In rc.firewall, there is a place where one can include a table of local rules and that's where I am doing something wrong.

The place in rc.firewall reads:

    # filename - will load the rules in the given filename (full path required)

So, I have tried various forms of

    filename /etc/firewall_rules.ns

and even

    filename - /etc/firewall_rules.ns

ipfw nicely loads the rules in rc.firewall and then complains about filename not found.

I even just stuck the path and file name in a line under

    # filename - will load the rules in the given filename (full path required)

I wasn't surprised when it didn't like that either.

If I replace rc.firewall with firewall_rules.ns, then only those rules get added, which is why the tcp/ip stack appeared dead.

What do I need to put in /etc/rc.firewall so it just includes /etc/firewall_rules.ns like the #include directive usually does?

Many thanks.

Martin McCormick WB5AGZ  Stillwater, OK
OSU Information Technology Department Network Operations Group
.-- -... ..... .- --. --..