From owner-freebsd-ipfw@FreeBSD.ORG Tue Apr 3 10:23:10 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D38FB16A404 for ; Tue, 3 Apr 2007 10:23:10 +0000 (UTC) (envelope-from mtm@FreeBSD.Org) Received: from mx1.ethionet.et (mx1.ethionet.et [213.55.64.53]) by mx1.freebsd.org (Postfix) with ESMTP id 46CC013C448 for ; Tue, 3 Apr 2007 10:23:10 +0000 (UTC) (envelope-from mtm@FreeBSD.Org) Received: from mx1.ethionet.et (localhost [127.0.0.1]) by localhost.ethionet.et (Postfix) with ESMTP id E3696503D; Tue, 3 Apr 2007 12:57:01 +0300 (EAT) Received: from rogue.navcom.lan (unknown [213.55.64.98])by mx1.ethionet.et ( Postfix) with SMTP id 9F06C502A;Tue, 3 Apr 2007 12:57:00 +0300 (EAT) Received: by rogue.navcom.lan (Postfix, from userid 1001)id D87FC1701D; Tue, 3 Apr 2007 13:03:24 +0300 (EAT) Date: Tue, 3 Apr 2007 13:03:24 +0300 From: Mike Makonnen To: AT Matik Message-ID: <20070403100324.GA1710@rogue.navcom.lan> References: <200704021540.l32FerX8074400@freefall.freebsd.org> <200704021302 .52345.asstec@matik.com.br> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200704021302.52345.asstec@matik.com.br> User-Agent: Mutt/1.4.2.2i X-Operating-System: FreeBSD/7.0-CURRENT (i386) X-imss-version: 2.46 X-imss-result: Passed X-imss-scores: Clean:99.90000 C:2 M:3 S:5 R:5 X-imss-settings: Baseline:4 C:3 M:3 S:4 R:3 (1.0000 1.0000) Cc: jonw@whoweb.com, freebsd-ipfw@freebsd.org Subject: Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $fire wall_script not read it X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Apr 2007 10:23:10 -0000 On Mon, Apr 02, 2007 at 01:02:51PM -0300, AT Matik wrote: > On Monday 02 April 2007 12:40, Mike Makonnen wrote: > > Synopsis: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script > > not read it > > > > State-Changed-From-To: open->patched > > State-Changed-By: mtm > > State-Changed-When: Mon Apr 2 15:40:10 UTC 2007 > > State-Changed-Why: > > Patched in -CURRENT. > > MFC-After: 2 weeks > > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=78762 > > > btw, is this > > ${SYSCTL_W} net.inet.ip.fw.enable=1 > > which comes after loading firewall_script in /etc/rc.d/ipfw is beeing > corrected also? Probably better setting this in ipfw_precmd () I'm not sure I understand. Are you saying the firewall should be enabled in a precmd() subroutine? If so, I don't think that's a good idea. The firewall should be enabled only after the firewall script has been *successfully* loaded. Cheers. -- Mike Makonnen | GPG-KEY: http://people.freebsd.org/~mtm/mtm.asc mmakonnen @ gmail.com | AC7B 5672 2D11 F4D0 EBF8 5279 5359 2B82 7CD4 1F55 mtm @ FreeBSD.Org | FreeBSD - http://www.freebsd.org