Date: Fri, 30 Jan 2004 19:47:47 -0600
From: Eric F Crist <ecrist@adtechintegrated.com>
To: Chuck Swiger <cswiger@mac.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: where am I supposed to put my rc.firewall?
Message-ID: <200401301947.54492.ecrist@adtechintegrated.com>
In-Reply-To: <401AFCBB.1010300@mac.com>
References: <200401301846.52757.ecrist@adtechintegrated.com> <401AFCBB.1010300@mac.com>

On Friday 30 January 2004 06:54 pm, Chuck Swiger wrote:
> Eric F Crist wrote:
> > I'm trying to add IPFW support.  Where do I put my rc.firewall so that it
> > gets read at boot time?  I've tried /usr/local/etc/rc.d and /etc but
> > neither seems to get read.
>
> Specify the location of your firewall script in /etc/rc.conf like so:
>
> firewall_enable='YES'
> firewall_type='/etc/ERICS_firewall'
> firewall_flags='-p /usr/bin/cpp'
>
> [ You might choose to use some other preprocessor... ]

Well, here's what I have now.  I have a file in /etc called grog.firewall.
Its contents are:

grog# more grog.firewall
ipfw -f flush
ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
ipfw add 600 allow all from any to any

In my /etc/rc.conf file, I have the following two entries pertaining to the
firewall:

firewall_enable="YES"
firewall_type="/etc/grog.firewall"

Now, this is a headless system, so I access it through the serial port.  I
don't see any errors anywhere, but my ipfw show command, immediately after
boot, shows:

65535 481 38684 deny ip from any to any

What have I done wrong?

-- 
Eric F Crist
AdTech Integrated Systems, Inc
(612) 998-3588

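The ruleset quoted in the message is written as shell commands, each line starting with `ipfw`. As an added example (not part of the original message), this script flags such lines and prints the ruleset without the command word. It assumes the file named in `firewall_type` is passed to `ipfw` as a pathname and read one line at a time as `ipfw` arguments; the function names are hypothetical and the sample is constructed from the rules quoted above.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: the firewall_type file is read by ipfw itself ("ipfw [flags] pathname"),
# each line taken as ipfw arguments, so a rule line must not repeat the "ipfw" word.

# Print one finding per rule line that begins with the ipfw command word.
lint_ruleset() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        $1 == "ipfw" || $1 ~ /\/ipfw$/ {
            printf "line %d: leading \"%s\" makes this a shell command, not a rule\n", NR, $1
        }
    ' "$1"
}

# Print the same ruleset in file format: leading command word removed.
to_file_format() {
    awk '
        $1 == "ipfw" || $1 ~ /\/ipfw$/ { sub(/^[ \t]*[^ \t]+[ \t]+/, "") }
        { print }
    ' "$1"
}

# Constructed sample mirroring the ruleset quoted in the message.
write_sample() {
    cat > "$1" <<'EOF'
ipfw -f flush
ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
ipfw add 600 allow all from any to any
EOF
}

# Run with the argument "demo" to see both outputs for the sample.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp) && write_sample "$tmp"
    lint_ruleset "$tmp"
    to_file_format "$tmp"
    rm -f "$tmp"
fi
```

When no numbered rule loads, `ipfw show` lists only the default rule 65535, which matches the output in the message.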
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200401301947.54492.ecrist>