I realized after posting that I should have included info on restarting rules, and Joeseph has hit on it here. I now use /usr/src/share/examples/ipfw/change_rules.sh, which comes with the standard install, for any firewall changes. It saves old rulesets, allows you to view (syntax), then confirm rule changes. If you don't confirm within a set number of seconds it does not install the new rules. I have yet to cut myself off when changing remote rules using this script.
For natd changes I have a script with the line:

    killall -9 natd;sleep 2;/sbin/natd -config /etc/natd.file -n fxp0 &

Perhaps someone has a more elegant method ;)

Regards,
JD

> firewall rules through that, be careful, you can cut yourself off if you are
> not. I always update rules in a copy of the firewall rules I use. Run it
> with "rc.firewall.copy >/tmp/rules &". You can check the output by looking
> at /tmp/rules. If you don't add "&" and you get cut off, the script will
> not complete and may leave you in an unpredictable state. As long as you
> are editing a copy of the rules, if something goes wrong, you just get
> someone to reboot the computer, it will use the original rule set. To
> minimize getting cut off, move your sshd rules of the external interface to
> as close to the top as you can.
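
The save, load, confirm-or-revert behaviour described for change_rules.sh in the message above, as an added example that is not part of the original thread and is not the FreeBSD script itself. The names apply_with_rollback and LOADER are hypothetical, and the default loader "ipfw -q <file>" is an assumption about how the ruleset file is installed.

```shell
#!/bin/sh
# Added example, not FreeBSD's change_rules.sh: confirm-or-rollback loading
# of a firewall ruleset file.
# Assumption: LOADER installs the ruleset file passed as its last argument
# ("ipfw -q <file>" on FreeBSD). Override LOADER to try the logic safely.
LOADER="${LOADER:-ipfw -q}"

# apply_with_rollback NEW ACTIVE [TIMEOUT]
# Returns 0 if NEW was confirmed and saved as ACTIVE, 1 if the old rules
# were restored, 2 if no backup could be written (nothing is loaded then).
apply_with_rollback() {
    new=$1 active=$2 timeout=${3:-30}
    backup="$active.$(date +%Y%m%d%H%M%S)"
    cp -p "$active" "$backup" || return 2      # save the old ruleset first

    if ! $LOADER "$new"; then                  # loader rejected the file
        $LOADER "$backup"
        return 1
    fi

    # Watchdog: reloads the old rules after TIMEOUT seconds unless killed.
    # It runs in the background on its own descriptors, so it still fires
    # when the new rules cut the session and the prompt is never answered.
    ( sleep "$timeout"; $LOADER "$backup" ) </dev/null >/dev/null 2>&1 &
    watchdog=$!

    printf 'Rules loaded. Type "yes" within %s seconds to keep them: ' \
        "$timeout" >&2
    answer=
    read -r answer || true

    # Commit only if the watchdog was still pending and the answer is "yes".
    if kill "$watchdog" 2>/dev/null && [ "$answer" = "yes" ]; then
        wait "$watchdog" 2>/dev/null || true
        cp -p "$new" "$active"
        return 0
    fi
    wait "$watchdog" 2>/dev/null || true
    $LOADER "$backup"                          # declined, late, or no input
    return 1
}
```

The watchdog is started before the prompt, which is the same reason the quoted advice insists on the trailing "&": the revert must not depend on the session that the new rules may have just cut.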