Date: Sun, 7 Jun 1998 12:54:29 -0700
From: Jeff Kletsky <Jeff@Wagsky.com>
To: freebsd-stable@FreeBSD.ORG
Subject: rc.firewall and ipfw commands
Message-ID: <l03110701b1a09d2cd1b9@[192.168.6.3]>

After building from 2.2.6-STABLE I came across a bit of a puzzle with the
apparent loss of DNS and a lot of other services on my machine.

The "problem" is that the rule numbers for the hard-wired rules in
rc.firewall have been changed:

    $fwcmd add 100 pass all from any to any via lo0
    $fwcmd add 200 deny all from any to 127.0.0.0/8

Now, if you are using the supplied named firewall options, you're ok.

If you are using a file containing commands, or other utilities which
modify the firewall, you could be in trouble (I happen to use the
previously-unused rule 100 to monitor what's bringing up dial-on-demand
ppp, so it is routinely deleted and added as the link changes state).

Short-term fix:
---------------

Leave the rules in place so the named firewall types work.
Change rc.firewall to read:

    $fwcmd -f flush    # because "-f flush" fails in a file*
    $fwcmd ${firewall_type}

Long-term fix:
--------------

Convince the powers that be to only add the "standard" rules for the
named firewall types.

Jeff

* Including "-f flush" as the first line of the file causes the next
  ipfw command in the sequence to abort execution...
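A lint for the conflict described in the message, added here as an example and not part of the original e-mail: it scans an ipfw command file (the kind passed as firewall_type) for add/delete commands that reuse the hard-wired rule numbers 100 and 200, and for a flush line, which the footnote says fails in a file. The function name lint_ipfw_file and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Rule numbers that rc.firewall now claims for itself, per the message.
RESERVED="100 200"

# lint_ipfw_file [FILE...]
# Reads ipfw commands (one per line, without the leading "ipfw") from the
# given files or stdin. Prints "<line>:<kind>:<text>" for each finding and
# returns 1 if anything was found, 0 otherwise.
lint_ipfw_file() {
    awk -v reserved="$RESERVED" '
        BEGIN {
            bad = 0
            n = split(reserved, r, " ")
            for (k = 1; k <= n; k++) res[r[k]] = 1
        }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            i = 1
            while (i <= NF && $i ~ /^-/) i++   # skip options such as -f, -q
            cmd = $i
            num = $(i + 1)
            hit = 0
            if (cmd == "flush") {
                printf "%d:flush-in-file:%s\n", NR, $0
                bad = 1
                next
            }
            if (cmd == "add" && (num in res)) hit = 1
            if (cmd == "delete")               # delete accepts several numbers
                for (j = i + 1; j <= NF; j++) if ($j in res) hit = 1
            if (hit) {
                printf "%d:reserved-%s:%s\n", NR, cmd, $0
                bad = 1
            }
        }
        END { exit bad }
    ' "$@"
}

# Constructed sample rule file contents (not taken from the message).
SAMPLE='# monitor what brings up dial-on-demand ppp
-f flush
add 100 count tcp from any to any via tun0
add 1000 pass all from any to any
delete 200 300'

printf '%s\n' "$SAMPLE" | lint_ipfw_file || echo "conflicts with rc.firewall found"
```

External utilities that add or delete rules at run time, like the ppp monitor mentioned above, need the same check applied to the commands they issue.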