Message-Id: <200601121958.k0CJw9hn091722@dc.cis.okstate.edu>
To: freebsd-questions@freebsd.org
Date: Thu, 12 Jan 2006 13:58:09 -0600
From: Martin McCormick
Subject: Re: Strange Failure Mode in FreeBSD 4.11

I now realize that what actually happened here is an incorrect setup on my part of ipfw. I actually had a similar problem on another system last Summer, thought I had figured it all out, and have a time bomb waiting if that system happens to reboot since it is set up the same way. :-)

In the rc.conf.local, I have:

firewall_enable="YES"           # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall"
firewall_type="OPEN"            # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"             # Set to YES to suppress rule display
firewall_logging="YES"          # Set to YES to enable events logging
firewall_flags=""               # Flags passed to ipfw when type is a file

That makes ipfw load the rules in rc.firewall just fine.

In rc.firewall, there is a place where one can include a table of local rules and that's where I am doing something wrong. The place in rc.firewall reads:

# filename - will load the rules in the given filename (full path required)

So, I have tried various forms of

filename /etc/firewall_rules.ns

and even

filename - /etc/firewall_rules.ns

ipfw nicely loads the rules in rc.firewall and then complains about filename not found. I even just stuck the path and file name in a line under

# filename - will load the rules in the given filename (full path required)

I wasn't surprised when it didn't like that either.

If I replace rc.firewall with firewall_rules.ns, then only those rules get added, which is why the tcp/ip stack appeared dead.

What do I need to put in /etc/rc.firewall so it just includes /etc/firewall_rules.ns like the #include directive usually does?

Many thanks.

Martin McCormick WB5AGZ  Stillwater, OK
OSU Information Technology Department Network Operations Group
.-- -... ..... .- --. --..