Date:      Sun, 13 Jul 2003 12:29:53 -0700
From:      Kent Stewart <kstewart@owt.com>
To:        "RYAN vAN GINNEKEN" <rmvg@computerking.ca>, <freebsd-questions@freebsd.org>
Subject:   Re: RESET FIREWALL WITHOUT REBOOT
Message-ID:  <200307131229.53217.kstewart@owt.com>
In-Reply-To: <002001c3496e$70180b40$0200a8c0@v25>
References:  <002001c3496e$70180b40$0200a8c0@v25>

On Sunday 13 July 2003 11:41 am, RYAN vAN GINNEKEN wrote:
> hello group
>
> I need to know how to stop and start my firewall rules without
> resetting my computer as I am on ADSL and have a dynamic ip that I do
> not want to change.  seems to change mostly when I reboot mostly.
>
> so here is the dilemma: I run bind apache bincimap postfix and a few
> others. it is my only server right now and it can't go down because if
> I do not get my clients emails I go bankrupt.
>
> I want to set up a firewall and have compiled the necessary items
> into the kernel did this when I first set up my system many reboots
> ago
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPDIVERT
>
> I have created a file called rc.fw4
> and I have set my rc.conf
>
> #ipv4 firewall
> firewall_enable="YES"
> firewall_type="/etc/rc.fw4"
> firewall_script="/etc/rc.firewall"
> firewall_quiet="NO"
>
> IS THERE A WAY TO ACTIVATE ALL THIS WITHOUT A REBOOT
> ALSO IS THERE A WAY TO DE-ACTIVATE ALL THIS WITHOUT A REBOOT IN CASE
> SOMETHING GOES WRONG WHICH USUALLY DOES WITH MY FIREWALL RULES

Before I would start testing new rules on a remote machine, I would at 
the following script for something like 10 minutes in the future. That 
way if I couldn't do anything, in 10 minutes everything would be reset. 
If everything worked, it let me cancel the at. 

I called it clnipfw and it looks like

# cat clnipfw
#! /bin/sh
ipfw -f flush
ipfw add divert natd all from any to any via ep0
ipfw add pass all from any to any

-- 
Kent Stewart
Richland, WA

http://users.owt.com/kstewart/index.html
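
The approach described in the reply above, as an added example that is not part of the original message: queue the reset with at(1) before touching the rules, and cancel it only after confirming the session still works. The path /root/clnipfw, the 10-minute default and the function names are assumptions; the command handed to guarded_apply is whatever loads the new rules.

```shell
#!/bin/sh
# Added example. RESET_SCRIPT's path, DELAY_MIN and the function names are
# assumptions; clnipfw is the reset script shown in the message above.
RESET_SCRIPT=${RESET_SCRIPT:-/root/clnipfw}
DELAY_MIN=${DELAY_MIN:-10}

# Pull the job number out of at(1)'s confirmation line, e.g.
#   "Job 7 will be executed using /bin/sh"   or   "job 7 at Sun Jul 13 ..."
at_job_id() {
    sed -n 's/^[Jj]ob \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Queue the reset first; at(1) prints its confirmation on stderr.
schedule_reset() {
    at -f "$RESET_SCRIPT" now + "$DELAY_MIN" minutes 2>&1 | at_job_id
}

# guarded_apply CMD [ARGS...]: run CMD (whatever loads the new rules) only
# once the reset is queued, and cancel the reset only on explicit confirmation.
guarded_apply() {
    job=$(schedule_reset)
    if [ -z "$job" ]; then
        echo "could not queue the reset; rules left untouched" >&2
        return 1
    fi
    echo "reset queued as at job $job, due in $DELAY_MIN minutes" >&2
    if ! "$@"; then
        echo "rule load failed; reset job $job stays queued" >&2
        return 2
    fi
    # If the new rules cut this session off, the read never completes and
    # the queued job restores the open rule set.
    printf 'still connected? type "keep" to cancel the reset: ' >&2
    if read -r answer && [ "$answer" = keep ]; then
        atrm "$job"
    else
        echo "not confirmed; reset job $job stays queued" >&2
        return 3
    fi
}

# Usage after sourcing this file (the rule-loading command is an assumption):
#   guarded_apply ipfw /etc/rc.fw4
```

Every failure path leaves the at job queued, so a failed rule load or a dropped session still ends with the reset script running.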


