Date:      Thu, 11 Oct 2001 08:38:53 -0500
From:      David Kelly <dkelly@hiwaay.net>
To:        Louis LeBlanc <leblanc@smtp.ne.mediaone.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: IPFW, natd, and one big headache
Message-ID:  <20011011083853.A1363@grumpy.dyndns.org>
In-Reply-To: <20011010225621.B1037@acadia.ne.mediaone.net>; from leblanc@smtp.ne.mediaone.net on Wed, Oct 10, 2001 at 10:56:21PM -0400
References:  <leblanc%2Bfreebsd@smtp.ne.mediaone.net> <20011010212942.A1037@acadia.ne.mediaone.net> <200110110210.f9B2Atw99386@grumpy.dyndns.org> <20011010225621.B1037@acadia.ne.mediaone.net>

On Wed, Oct 10, 2001 at 10:56:21PM -0400, Louis LeBlanc wrote:
> 
> > No need to reboot to debug your firewall and dhclient. Simply kill 
> > dhclient and start it again with "dhclient xl0"
> 
> How will this affect natd if it is running?

Doesn't affect natd at all unless you delete your divert rule. You can
kill and restart natd if you would like but any established link would
be lost.

Meanwhile you are simply inserting and deleting one ipfw rule at a time
from the keyboard without resetting the entire firewall with a flush? Or
re-running your firewall rules script?  Right? That's something I meant
to be saying in the previous message but might not have been clear.
Something like this:

grumpy: [1005] ipfw add 1590 deny tcp from any to any 113 in recv fxp0
01590 deny tcp from any to any 113 in recv fxp0
grumpy: [1006] ipfw delete 1590
grumpy: [1007] 

And finally (maybe?) I like to use this in an xterm while playing with
the firewall, "less +F /var/log/security", which is much the same as
"tail -f" but with the ability to /-search and highlight things such as
"Deny" as they scroll by. One day I'll figure out how to wrap the search
for "Deny" in that command line. Initial 5 minute effort failed way back
when. I use it in an alias:

alias security less +F /var/log/security

For less, I find this useful in ~/.cshrc:

if ( -x /usr/bin/less ) then
        setenv  PAGER   /usr/bin/less
else if ( -x /usr/local/bin/less ) then
        setenv  PAGER   /usr/local/bin/less
endif
setenv  LESS    '-aisMj5'

The options to less highlight search hits, first hit on line 5 of the
screen, and multiple blank lines are collapsed into one making man pages
easier to read on screen.

-- 
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
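
Added example, not part of the original message: a POSIX sh/awk companion to watching /var/log/security by eye, which tallies Deny hits per ipfw rule number so you can confirm that a rule just inserted from the keyboard is the one matching. The sample lines are constructed and assume the "ipfw: <rule> <action> <proto> ..." log layout; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the style ipfw logs to /var/log/security.
# Hosts, addresses and counts are made up for this example.
sample_log() {
cat <<'EOF'
Oct 11 08:30:01 grumpy /kernel: ipfw: 1590 Deny TCP 192.0.2.10:4021 198.51.100.7:113 in via fxp0
Oct 11 08:30:04 grumpy /kernel: ipfw: 1590 Deny TCP 192.0.2.10:4022 198.51.100.7:113 in via fxp0
Oct 11 08:30:09 grumpy /kernel: ipfw: 2000 Accept TCP 192.0.2.44:3310 198.51.100.7:22 in via fxp0
Oct 11 08:31:15 grumpy /kernel: ipfw: 65000 Deny UDP 192.0.2.99:137 198.51.100.7:137 in via fxp0
Oct 11 08:31:20 grumpy last message repeated 3 times
EOF
}

# deny_summary [file ...]: print "<rule> <deny count>" per rule, sorted by
# rule number. Reads stdin when no file is given.
deny_summary() {
    awk '
    {
        # Locate the "ipfw:" tag; the rule number and action follow it.
        hit = 0
        for (i = 1; i < NF; i++) {
            if ($i == "ipfw:" && $(i + 2) == "Deny") {
                rule = $(i + 1)
                hit = 1
                break
            }
        }
    }
    hit { last = rule; count[rule]++; next }
    # syslogd collapses identical consecutive lines; credit the repeats
    # to the rule of the Deny line immediately before them.
    /last message repeated [0-9]+ times/ && last != "" {
        count[last] += $(NF - 1)
        next
    }
    # Any other line (Accept, unrelated messages) ends the repeat context.
    { last = "" }
    END { for (r in count) printf "%s %d\n", r, count[r] }
    ' "$@" | sort -n
}

# Stand-alone run on the constructed sample; prints:
#   1590 2
#   65000 4
sample_log | deny_summary
```

On a live system, run `deny_summary /var/log/security` before and after adding the test rule and compare the counts for its number.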
