Hi, I'm using ipfw firewall on several machines. Rules are made by users by hand or by configuration management tools.
For this the ipfw.rules script sources other files:

    #!/bin/sh
    ipfw -q -f flush                  # drop every rule (and the dynamic states with them)
    cmd="ipfw -q add"
    pif="epair0b"                     # interface name of NIC attached to Internet
    $cmd 00010 allow all from any to any via lo0
    for RULES in `ls /etc/ipfw.rules.d/*.rules` ; do
        . $RULES                      # each fragment adds its own rules via $cmd
    done
    $cmd 09999 deny log all from any to any

If a user or a script alters a file, `service ipfw restart` is called. This is working fine except for one thing: active connections like sql, syslog, ssh, etc. get broken. They are defined like

    $cmd 01610 allow tcp from vpn.example.org to me 22 in via $pif setup limit src-addr 50

I understand that these connections get broken because the dynamic rules get flushed with the `ipfw -q -f flush` command. But commenting this command out results in a continuously growing rules table. With the `ipfw -d list` command I can see the dynamic rules.

Is there a way to flush the rules but not the dynamic ones? Or to add them again after flush? How do you reload your rules?

Thanks for help
Ole
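One way to reload without `ipfw -f flush`, written here as an added example and not part of the original post: the fragments are loaded unchanged into a disabled ipfw set, `ipfw set swap` exchanges it with the live set in one step, and only then are the old rules deleted. It assumes set 0 is the live set, set 1 is free for staging, the fragments keep using `$cmd` and `$pif` exactly as in the post, and `IPFW` may be pointed at `echo` for a dry run.

```shell
#!/bin/sh
# Added example (not the original ipfw.rules script): stage the new rules in a
# disabled set, swap sets atomically, then drop the previous rules. No flush,
# so the rules table is never empty and never left half-loaded.
IPFW=${IPFW:-ipfw}                      # set IPFW=echo to print commands instead
RULES_DIR=${RULES_DIR:-/etc/ipfw.rules.d}
pif=${pif:-epair0b}                     # interface attached to the Internet
STAGING=1                               # staging set; set 0 stays live
cmd="add_rule"                          # so "$cmd 01610 allow ..." in fragments still works

# add_rule NUM RULE...: add a rule into the staging set instead of the live one.
add_rule() {
    rulenum=$1; shift
    $IPFW -q add "$rulenum" set $STAGING "$@"
}

# load_staging: empty and disable the staging set, then source each fragment.
load_staging() {
    $IPFW set disable $STAGING
    $IPFW delete set $STAGING
    $cmd 00010 allow all from any to any via lo0
    for RULES in "$RULES_DIR"/*.rules; do
        [ -r "$RULES" ] || continue
        . "$RULES"
    done
    $cmd 09999 deny log all from any to any
}

# activate_staging: staged rules become set 0 (enabled), old rules become
# set 1 (still disabled) and are removed in a second step.
activate_staging() {
    $IPFW set swap 0 $STAGING
    $IPFW delete set $STAGING
}

reload_rules() {
    load_staging && activate_staging
}
```

The static rules change atomically, but dynamic states whose parent rule goes away with the final `delete set 1` survive only where the kernel keeps them; on FreeBSD 11 and later that is governed by the sysctl `net.inet.ip.fw.dyn_keep_states`, so check it on the target before relying on this.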