Date:      Sun, 7 Jun 1998 12:54:29 -0700
From:      Jeff Kletsky <Jeff@Wagsky.com>
To:        freebsd-stable@FreeBSD.ORG
Subject:   rc.firewall and ipfw commands
Message-ID:  <l03110701b1a09d2cd1b9@[192.168.6.3]>

After building from 2.2.6-STABLE I came across a bit of a puzzle with the
apparent loss of DNS and a lot of other services on my machine.  The
"problem" is that the rule numbers for the hard-wired rules in rc.firewall
have been changed:

$fwcmd add 100 pass all from any to any via lo0
$fwcmd add 200 deny all from any to 127.0.0.0/8

Now, if you are using the supplied named firewall options, you're ok.  If
you are using a file containing commands, or other utilities which modify
the firewall, you could be in trouble (I happen to use the
previously-unused rule 100 to monitor what's bringing up dial-on-demand
ppp, so it is routinely deleted and added as the link changes state).

Short-term fix:
---------------
Leave the rules in place so the named firewall types work.
Change rc.firewall to read:

	$fwcmd -f flush			# because "-f flush" fails in a file*
	$fwcmd ${firewall_type}


Long-term fix:
--------------

Convince the powers that be to only add the "standard" rules for the named
firewall types.



Jeff

* Including "-f flush" as the first line of the file causes the next ipfw
command in the sequence to abort execution...
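
Added example, not part of the original message: a POSIX sh check that scans an ipfw command file (the kind passed as ${firewall_type}) for add or delete commands that touch the rule numbers rc.firewall now hard-wires. It assumes one ipfw command per line without the leading "ipfw"; the reserved list defaults to 100 and 200 as quoted above, and the function names, the RESERVED variable and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag commands in an ipfw command file that add or delete
# a rule number rc.firewall installs on its own (100 and 200 in the post).
# RESERVED, find_collisions and sample_rules are hypothetical names.

RESERVED="${RESERVED:-100 200}"

# find_collisions [FILE...]  (reads stdin when no file is given)
# Prints one "LINE:VERB:NUMBER" record per clash with a reserved number.
find_collisions() {
    awk -v reserved="$RESERVED" '
        BEGIN {
            n = split(reserved, r, " ")
            for (i = 1; i <= n; i++) hit[r[i] + 0] = 1
        }
        { sub(/#.*/, "") }                  # drop comments
        NF < 2 { next }                     # blank or too short to matter
        {
            i = 1
            while (i <= NF && $i ~ /^-/) i++    # skip flags such as -q or -f
            verb = $i
            if (verb != "add" && verb != "delete") next
            for (j = i + 1; j <= NF; j++) {
                if ($j !~ /^[0-9]+$/) break     # no explicit rule number here
                if (($j + 0) in hit) printf "%d:%s:%d\n", NR, verb, $j + 0
                if (verb == "add") break        # add takes a single number
            }
        }
    ' "$@"
}

# Constructed sample command file, not a real ruleset.
sample_rules() {
    cat <<'EOF'
# dial-on-demand monitoring rules
add 100 count tcp from any to any out via tun0
add 1000 pass udp from any to any 53
delete 100 300
-q add pass all from any to any
add 200 deny all from any to 10.0.0.0/8   # reuses a hard-wired number
EOF
}

sample_rules | find_collisions
```

Each record names the line to renumber before the file is loaded on top of the hard-wired rules.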


