Date:      Thu, 12 Jan 2006 17:11:24 -0800
From:      James Long <list@museum.rain.com>
To:        freebsd-questions@freebsd.org
Cc:        Martin McCormick <martin@dc.cis.okstate.edu>
Subject:   Re: Strange Failure Mode in FreeBSD 4.11
Message-ID:  <20060113011124.GA7742@ns.museum.rain.com>
In-Reply-To: <20060112220016.DA6F616A41F@hub.freebsd.org>
References:  <20060112220016.DA6F616A41F@hub.freebsd.org>

> Date: Thu, 12 Jan 2006 13:58:09 -0600
> From: Martin McCormick <martin@dc.cis.okstate.edu>
> Subject: Re: Strange Failure Mode in FreeBSD 4.11 
> To: freebsd-questions@freebsd.org
> Message-ID: <200601121958.k0CJw9hn091722@dc.cis.okstate.edu>
> 
> 	In the rc.conf.local, I have:
> 
> firewall_enable="YES"		# Set to YES to enable firewall functionality
> firewall_script="/etc/rc.firewall"
> firewall_type="OPEN"		# Firewall type (see /etc/rc.firewall)
> firewall_quiet="NO"		# Set to YES to suppress rule display
> firewall_logging="YES"           # Set to YES to enable events logging
> firewall_flags=""		# Flags passed to ipfw when type is a file
> 
> 	That makes ipfw load the rules in rc.firewall just fine.  In
> rc.firewall, there is a place where one can include a table of local
> rules and that's where I am doing something wrong.  The place in
> rc.firewall reads:
> 
> #   filename - will load the rules in the given filename (full path required)
> 
> 	So, I have tried various forms of
> 
> filename /etc/firewall_rules.ns
> 
> and even 
> 
> filename - /etc/firewall_rules.ns

snip


> 	What do I need to put in /etc/rc.firewall so it just includes
> /etc/firewall_rules.ns like the #include directive usually does?

You need to put

firewall_type="/etc/firewall_rules.ns"

in /etc/rc.conf.

If that file is readable, it will be passed to ipfw, as per these lines
in rc.firewall:

*)
        if [ -r "${firewall_type}" ]; then
                ${fwcmd} ${firewall_flags} ${firewall_type}
        fi
        ;;

> 	Many thanks.

An equal but opposite number of welcomes.
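
The dispatch quoted above, modelled as an added example (not part of the original message and not the actual rc.firewall). `fwcmd` is stubbed with `echo`, the name `classify_firewall_type` and the sample ruleset are constructed for illustration, and of the built-in types only the `OPEN` keyword from the quoted rc.conf.local is modelled. It shows a path falling through to the `*)` branch, and the case the quoted branch passes over silently: a path that is not readable.

```shell
#!/bin/sh
# Added illustration: models the rc.firewall dispatch quoted above.
# fwcmd is stubbed with echo so nothing touches a real ipfw.
fwcmd="echo ipfw"

# classify_firewall_type VALUE [FLAGS]
# Prints what the dispatch would do for a given firewall_type value.
classify_firewall_type() {
    firewall_type=$1
    firewall_flags=${2:-}
    case ${firewall_type} in
    [Oo][Pp][Ee][Nn])
        # Built-in keyword from the quoted rc.conf.local; other
        # built-in keywords are omitted from this sketch.
        echo "builtin: OPEN"
        ;;
    *)
        if [ -r "${firewall_type}" ]; then
            # Same call as the quoted branch: the file is handed to ipfw.
            echo "load: $(${fwcmd} ${firewall_flags} ${firewall_type})"
        else
            # The quoted branch has no else: nothing is loaded and
            # nothing is reported. This sketch makes that case visible.
            echo "skip: ${firewall_type} is not readable, no rules loaded"
            return 1
        fi
        ;;
    esac
}

# Constructed sample ruleset in a scratch directory.
demo_dir=$(mktemp -d)
rules="${demo_dir}/firewall_rules.ns"
printf 'add 100 allow ip from any to any via lo0\n' > "${rules}"

classify_firewall_type "OPEN"
classify_firewall_type "${rules}"
classify_firewall_type "${demo_dir}/missing.rules" || true
```

After changing firewall_type to a path, comparing the output of `ipfw list` with the file's contents confirms the rules were actually loaded rather than skipped.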





