Date:      Mon, 20 Dec 2010 18:10:10 GMT
From:      Chris St Denis <chris@smartt.com>
To:        freebsd-ipfw@FreeBSD.org
Subject:   Re: bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start"
Message-ID:  <201012201810.oBKIAA3F080778@freefall.freebsd.org>

The following reply was made to PR bin/153252; it has been noted by GNATS.

From: Chris St Denis <chris@smartt.com>
To: bug-followup@FreeBSD.org, AlexJ@freebsd.forum
Cc:  
Subject: Re: bin/153252: [ipfw][patch] ipfw lockdown system in subsequent
 call of "/etc/rc.d/ipfw start"
Date: Mon, 20 Dec 2010 09:45:04 -0800

 If I understand this problem correctly, the lockdown is caused by the 
 ssh session getting killed off between the "${fwcmd} -f flush" and the 
 subsequent add rules in rc.firewall (or other user-defined custom script).
 
 If this is the case, couldn't the issue be resolved with a simple patch 
 along the lines of this?
 
 --- ipfw.old    2010-12-20 09:41:02.000000000 -0800
 +++ ipfw        2010-12-20 09:42:02.000000000 -0800
 @@ -43,7 +43,7 @@
          [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
 
          if [ -r "${firewall_script}" ]; then
 -               /bin/sh "${firewall_script}" "${_firewall_type}"
 +               /usr/bin/nohup /bin/sh "${firewall_script}" 
 "${_firewall_type}"
                  echo 'Firewall rules loaded.'
          elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; 
 then
                  echo 'Warning: kernel has firewall functionality, but' \
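
Review bot: on the added `/usr/bin/nohup /bin/sh "${firewall_script}"` line, nohup only makes the script ignore SIGHUP, and when stdout is a terminal it appends the script's output to a nohup.out file in the current directory instead of showing it, so any error from the rule-loading script disappears into a stray file while `echo 'Firewall rules loaded.'` on the following context line still prints unconditionally. Suggest redirecting the script's stdout and stderr to an explicit log location and checking its exit status before printing the success message, so a half-loaded ruleset after the flush is reported rather than hidden. The change also makes this branch depend on /usr/bin/nohup, where the removed line needed only /bin/sh; worth confirming /usr is always available at the point this rc script runs.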
 
 
 -- 
 Chris St Denis
 Programmer
 SmarttNet (www.smartt.com)
 Ph: 604-473-9700 Ext. 200
 -------------------------------------------
 "Smart Internet Solutions For Businesses"
 


