Date:      Wed, 22 Jan 2003 13:25:28 -0500 (EST)
From:      "Stephen D. Kingrea" <reytech@sover.net>
To:        Daniel Bye <dan@slightlystrange.org>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: questions about static ipfw rules
Message-ID:  <Pine.BSI.4.21.0301221314090.24858-100000@granite.sover.net>
In-Reply-To: <20030122153013.GB80680@catflap.home.slightlystrange.org>

On Wed, 22 Jan 2003, Daniel Bye wrote:

>On Wed, Jan 22, 2003 at 03:18:33PM +0000, Daniel Bye wrote:
>> On Wed, Jan 22, 2003 at 09:45:09AM -0500, Stephen D. Kingrea wrote:
>> > running 4.7 with firewall, natd enabled kernel. i wish to create firewall
>> > rules outside of the rc.firewall script that remain static across
>> > reboots. to that end, i created a set (rc.firewall.rules), pointing
>> > rc.conf to that set:
>> > 
>> > firewall_enable="YES"
>> > firewall_type="/etc/rc.firewall.rules"
>> 
>> You should change "firewall_type" to "firewall_script".  You should then
>> find all works as you want.
>
>Well, almost...  If you do it this way, you need to make sure the script
>file is executable and makes sense as a shell script.  I use something
>like 
>
>#!/bin/sh
>IPFW=/sbin/ipfw
>${IPFW} -f flush
>${IPFW} add 100 allow ip from any to any via lo0
>... etc.
>
>It works well for me.
>
>Dan
>
yes, that worked quite well. thank you for that nugget!

i should say that joebs' suggestions concerning ipfilter are worthy of
investigation. i really just needed this to be able to ftp files from
inside my lan without having to retype rules at every boot. 

thanks!

stephen
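
Added example, not part of the original messages: a preflight check for the file that `firewall_script` points at, covering the two conditions named in the quoted reply (executable, sensible as a shell script) before the next reboot depends on it. The function name `check_fw_script` and the group/world-write check are additions made here; the path in the usage comment is the one from the thread.

```sh
#!/bin/sh
# Added example (not from the thread): checks for a firewall_script file.

# check_fw_script PATH
# Prints one line per problem found; returns 0 only if none were found.
check_fw_script() {
    f=$1
    rc=0
    if [ ! -f "$f" ]; then
        echo "missing: $f is not a regular file"
        return 1
    fi
    # First condition from the thread: the file is executable.
    if [ ! -x "$f" ]; then
        echo "not executable: chmod +x $f"
        rc=1
    fi
    # Second condition: it reads as a shell script, starting with a
    # #! interpreter line as in the quoted example.
    case $(head -n 1 "$f") in
        '#!'*) ;;
        *) echo "no #! interpreter line on line 1"; rc=1 ;;
    esac
    # Parse without executing, so a typo shows up now and not at boot.
    if ! sh -n "$f" 2>/dev/null; then
        echo "syntax error: run sh -n $f for details"
        rc=1
    fi
    # Addition made here: firewall rules are loaded with root
    # privileges, so group and other should not be able to rewrite them.
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "group- or world-writable: chmod go-w $f"
        rc=1
    fi
    return $rc
}

# Usage (path taken from the thread):
#   check_fw_script /etc/rc.firewall.rules
```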


