Date:      Thu, 1 Feb 2007 20:59:00 -0500
From:      "The Admiral" <xxadmiralxx@gmail.com>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: rc.firewall script not running at system boot
Message-ID:  <66f7e7af0702011759t1b4ba6a8jb988d68fe5595601@mail.gmail.com>
In-Reply-To: <000001c74663$212a10a0$0205000a@white>
References:  <66f7e7af0702011304m61385124r5876e0af3d767a55@mail.gmail.com> <002401c74657$6b169690$0205000a@white> <66f7e7af0702011611v155a3c2h6a26152d7faf9796@mail.gmail.com> <000001c74663$212a10a0$0205000a@white>

On 2/1/07, Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au> wrote:
>
> Hmm - I have 9 firewalls in different locations and the information that
> you've provided seems ok. Kernel options are ok, rc.conf looks ok, is there
> a "client" option still in your rc.firewall?
>
> The deny rule is always the last as it's meant to protect the environment in
> case of rc.firewall not working.  Could you try
>
> script /tmp/ipfw.lis /etc/rc.d/ipfw restart
>
> And examine the output as that is sure to tell you where the hangup is.
> There be a rule in the rc.firewall that makes it hang/stop.  (tired fingers
> sometimes leave remnant char around).



I tried executing "/etc/rc.d/ipfw restart" and sure enough, it showed that
one of my firewall rules was mistakenly entered as "addpass" while it
should've been "add pass".  I corrected the typo, but the strange thing is,
when I reboot, it still doesn't work!  Running the firewall command manually
works without error, but it isn't executed at boot. Any other ideas? I was
sure that the typo was the problem, unfortunately that's not the case.  Oh
well, at least it seems I'm getting closer to a solution!  Thanks,

Mike


> Regards, Dewayne.
> -----Original Message-----
> From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org]
> On Behalf Of The Admiral
> Sent: Friday, 2 February 2007 11:11 AM
> To: freebsd-ipfw@freebsd.org
> Subject: Re: rc.firewall script not running at system boot
>
> Hi Dewayne, thanks for the response, although I tried enclosing the YES
> option in quotes but it didn't make a difference.
>
> Mike
>
>
> On 2/1/07, Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au> wrote:
> >
> > Put quotes around gateway_enable="YES"
> > Regards, Dewayne.
> >
> > -----Original Message-----
> > From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org]
> > On Behalf Of The Admiral
> > Sent: Friday, 2 February 2007 8:04 AM
> > To: freebsd-ipfw@freebsd.org
> > Subject: rc.firewall script not running at system boot
> >
> > We had a power outage last night and I arrived at work today to find
> > that one of our machines no longer has network access (one of the few
> > machines not on a battery backup unit).  I checked to see what
> > firewall rules were enabled and the only one that was active was to
> > deny all.  It seems as though my rc.firewall script wasn't run
> > automatically when the system booted.  I rebooted to double check and
> > sure enough the only rule enabled was the deny all rule.  My rc.conf file
> > has the following:
> >
> > ---------------------------------------------------------------
> > hostname="dev"
> >
> > ifconfig_em0="inet 192.168.1.120 netmask 255.255.255.0"
> > ifconfig_vr0="inet 224.87.34.72 netmask 255.255.255.248"     #real IP hidden on purpose
> >
> > defaultrouter="224.87.34.71"
> >
> > gateway_enable=YES
> > firewall_enable="YES"        # Set to YES to enable firewall functionality
> > firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
> > firewall_type="client"        # Firewall type (see /etc/rc.firewall)
> >
> > ---------------------------------------------------------------
> >
> > my kernel configuration file has the following:
> >
> > ---------------------------------------------------------------
> >
> > options        IPFIREWALL        # required to use ipfw
> > options         IPFIREWALL_FORWARD
> > options         IPDIVERT        # required for natd
> > options        IPFIREWALL_VERBOSE    # Enables logging of packets that pass through IPFW and have the 'log' keyword specified in the rule set.
> >
> > ---------------------------------------------------------------
> >
> > When I run the rc.firewall script directly (sudo /etc/rc.firewall
> > client) all my rulesets are enabled as they should, however, the
> > rc.firewall file isn't being executed at system boot, which I'd like
> > to resolve, since it means that the machine will be inaccessible if
> > the machine is rebooted for whatever reason, and no one is there to
> > manually execute the firewall script from the console.  The strange
> > thing is, the last time I manually rebooted the machine, the script
> > was executed without a problem. The machine hasn't been rebooted for
> > a while though, and a lot of the software has been updated in the
> > meantime, so I'm thinking that may be the cause, but I'm still unsure
> > how to go about fixing this.  Any help is greatly appreciated, thanks.
> >
> > Mike
> > _______________________________________________
> > freebsd-ipfw@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"