From: Peder Blom
To: ecrist@adtechintegrated.com
Cc: freebsd-questions@freebsd.org
Date: Sat, 31 Jan 2004 15:35:21 +0100
Subject: Re: where am I supposed to put my rc.firewall?

On Fri, 30 Jan 2004 19:47:47 -0600
Eric F Crist wrote:

> On Friday 30 January 2004 06:54 pm, Chuck Swiger wrote:
> > Eric F Crist wrote:
> > > I'm trying to add IPFW support. Where do I put my rc.firewall so
> > > that it gets read at boot time? I've tried /usr/local/etc/rc.d
> > > and /etc but neither seems to get read.
> >
> > Specify the location of your firewall script in /etc/rc.conf like
> > so:
> >
> > firewall_enable='YES'
> > firewall_type='/etc/ERICS_firewall'
> > firewall_flags='-p /usr/bin/cpp'
> >
> > [ You might choose to use some other preprocessor... ]
>
> Well, here's what I have now. I have a file in /etc called
> grog.firewall. Its contents are:
>
> grog# more grog.firewall
> ipfw -f flush
> ipfw add 100 pass all from any to any via lo0
> ipfw add 200 deny all from any to 127.0.0.0/8
> ipfw add 300 deny ip from 127.0.0.0/8 to any
> ipfw add 600 allow all from any to any
>
> In my /etc/rc.conf file, I have the following two entries pertaining
> to the firewall:
>
> firewall_enable="YES"
> firewall_type="/etc/grog.firewall"

Add this to your rc.conf (instead of firewall_type=...):

firewall_script="/etc/grog.firewall"

See /etc/defaults/rc.conf!
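
The mix-up resolved in this thread, written as a check (an added example, not part of the original messages): it flags an rc.conf whose firewall_type points at a file of `ipfw ...` shell commands, which belongs in firewall_script instead. The function names and the line-prefix heuristic are assumptions made for this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): detect a firewall_type/firewall_script mix-up.
# firewall_script names an sh script whose lines invoke "ipfw ...".
# firewall_type, when set to a path, names a ruleset that ipfw reads itself,
# so its lines are bare rules ("add 100 pass ...") with no leading "ipfw".

# Heuristic (assumption): a file is a "script" if any line starts with the
# ipfw command; otherwise it is treated as a bare "ruleset".
fw_file_kind() {
    if grep -Eq '^[[:space:]]*(/sbin/)?ipfw[[:space:]]' "$1"; then
        echo script
    else
        echo ruleset
    fi
}

# Print the value assigned to variable $2 in rc.conf-style file $1 (last one wins).
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\)[\"']\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Check rc.conf file $1: print a verdict, return non-zero on a mismatch.
check_firewall_conf() {
    fw_type=$(rc_value "$1" firewall_type)
    case $fw_type in
    /*) # Only path values are checked; keyword types are left alone.
        if [ -r "$fw_type" ] && [ "$(fw_file_kind "$fw_type")" = script ]; then
            echo "MISMATCH: firewall_type=$fw_type is a shell script; use firewall_script"
            return 1
        fi ;;
    esac
    echo OK
}

# Constructed sample mirroring the thread: a script file referenced via firewall_type.
demo=$(mktemp -d)
printf 'ipfw -f flush\nipfw add 600 allow all from any to any\n' > "$demo/grog.firewall"
printf 'firewall_enable="YES"\nfirewall_type="%s"\n' "$demo/grog.firewall" > "$demo/rc.conf"
check_firewall_conf "$demo/rc.conf" || true
rm -rf "$demo"
```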