From: Greg Barniskis
Date: Thu, 12 Jan 2006 16:02:58 -0600
To: fbsd_user@a1poweruser.com
Cc: Martin McCormick, freebsd-questions@freebsd.org
Subject: Re: Strange Failure Mode in FreeBSD 4.11
Message-ID: <43C6D212.2010202@scls.lib.wi.us>

fbsd_user wrote:
> The firewall section of the handbook states that the
> rc.firewall file is an example.
> You really should read the firewall section of the handbook
> and use the working examples contained there.

Oh, most definitely yes. I was assuming Martin (the OP) knew this
since he clearly had gone to the trouble of writing custom rules,
and that the problem was just one of successful integration.

I only use the stock rc.firewall for basic testing, training and POC
work, otherwise I do something like this:

> cp rc.firewall custom.ipfw, edit to your needs and use
> firewall_type="/etc/custom.ipfw"

And having glanced at the handbook just now, I believe that I
flubbed that assertion above, and the proper use is

firewall_script="/etc/custom.ipfw"

with firewall_type being used to select from within a multi-mode
case structure such as rc.firewall has.

Sorry, it's been a long while since I actually edited any part of my
firewall rules (love that FreeBSD stability ;).

-- 
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
(608) 266-6348
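
The arrangement described in the message above, as an added example that is not part of the original e-mail and is not FreeBSD's rc.firewall: a custom script that rc.conf would name with firewall_script, with firewall_type selecting a branch of its case structure. The function name `load_rules`, the `workstation` mode and the rules themselves are assumptions; `fwcmd` defaults to printing each ipfw command so the script can be dry-run without touching the live ruleset.

```shell
#!/bin/sh
# Hypothetical /etc/custom.ipfw (added example). rc.conf would carry:
#   firewall_enable="YES"
#   firewall_script="/etc/custom.ipfw"   # which script is run
#   firewall_type="workstation"          # which case branch it takes
# Dry run by default: set fwcmd="/sbin/ipfw -q" to apply for real.
fwcmd="${fwcmd:-echo ipfw -q}"

load_rules() {
    # $1 = mode name, as firewall_type would supply it.
    # Validate first so a typo never flushes the running ruleset.
    case "$1" in
    [Oo][Pp][Ee][Nn]|workstation) ;;
    *)
        echo "custom.ipfw: unknown firewall_type '$1'" >&2
        return 1
        ;;
    esac

    ${fwcmd} -f flush
    ${fwcmd} add 100 pass all from any to any via lo0

    case "$1" in
    [Oo][Pp][Ee][Nn])
        ${fwcmd} add 65000 pass all from any to any
        ;;
    workstation)    # hypothetical mode: stateful outbound only
        ${fwcmd} add 200 check-state
        ${fwcmd} add 300 pass tcp from me to any setup keep-state
        ${fwcmd} add 400 pass udp from me to any keep-state
        ${fwcmd} add 65000 deny log all from any to any
        ;;
    esac
}

# Run only when a mode was given, as $1 or via firewall_type from rc.conf.
mode="${1:-${firewall_type:-}}"
if [ -n "$mode" ]; then
    load_rules "$mode"
fi
```

Running it as `sh custom.ipfw workstation` prints the commands that would be issued, which makes it easy to review a rule change before it is loaded.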