Date: Mon, 20 Dec 2010 18:10:10 GMT
From: Chris St Denis <chris@smartt.com>
To: freebsd-ipfw@FreeBSD.org
Subject: Re: bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start"
Message-ID: <201012201810.oBKIAA3F080778@freefall.freebsd.org>
The following reply was made to PR bin/153252; it has been noted by GNATS. From: Chris St Denis <chris@smartt.com> To: bug-followup@FreeBSD.org, AlexJ@freebsd.forum Cc: Subject: Re: bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start" Date: Mon, 20 Dec 2010 09:45:04 -0800 If I understand this problem correctly, the lockdown is caused by the ssh session getting killed off between the "${fwcmd} -f flush" and the subsequent add rules in rc.firewall (or other user-defined custom script). If this is the case, couldn't the issue be resolved with a simple patch along the lines of this? --- ipfw.old 2010-12-20 09:41:02.000000000 -0800 +++ ipfw 2010-12-20 09:42:02.000000000 -0800 @@ -43,7 +43,7 @@ [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall if [ -r "${firewall_script}" ]; then - /bin/sh "${firewall_script}" "${_firewall_type}" + /usr/bin/nohup /bin/sh "${firewall_script}" "${_firewall_type}" echo 'Firewall rules loaded.' elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then echo 'Warning: kernel has firewall functionality, but' \ -- Chris St Denis Programmer SmarttNet (www.smartt.com) Ph: 604-473-9700 Ext. 200 ------------------------------------------- "Smart Internet Solutions For Businesses"
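Review bot: the added line invokes /usr/bin/nohup, a binary under /usr, where the line it replaces needed only /bin/sh; if this script runs at boot before a separate /usr filesystem is mounted, the call fails, no rules are loaded, and 'Firewall rules loaded.' is still echoed because the exit status is not checked. Two further points on the same line: nohup only makes the script ignore SIGHUP, so it helps only if the hangup from the dropped ssh session is what stops the script, and when stdout is a terminal nohup redirects output to a nohup.out file in the current directory, which leaves a stray file and hides any rule-load errors from the person running "/etc/rc.d/ipfw start". Consider redirecting the script's output explicitly (to a log file or /dev/null) rather than relying on nohup's default, and testing the script's exit status before printing the success message.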