I haven't seen someone use "firewall_type" as a path to the config file. If you check the default rc.firewall file, you will see several types of default firewall settings, such as "open" and "closed". You want to set "firewall_type" in rc.conf to be "open" or whatever your firewall type is in /etc/rc.firewall.

You can probably get away with editing your existing rc.firewall to include a firewall type, such as "custom", then defining firewall_type as "custom" in /etc/rc.conf.

Enjoy,


On 11/14/10 14:50, Grant Peel wrote:
Hi all,

I seem to have one server that does not flush the /etc/rc.firewall rules when the script taken from "firewall_type" starts up. That is to say when I boot the machine, 3 rules seem to be still in the list when I do an ipfw -a list. Those three rules appear to be from the /etc/rc.firewall script. The rules from my /etc/ipfw.rules file DO get loaded.

Here are the three rules (100, 200, and 300), from /etc/rc.firewall.

setup_loopback () {
       ############
       # Only in rare cases do you want to change these rules
       #
       ${fwcmd} add 100 pass all from any to any via lo0
       ${fwcmd} add 200 deny all from any to 127.0.0.0/8
       ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
}

Here is my /etc/rc.conf setup:

firewall_enable="YES"
firewall_logging="YES"
firewall_type="/etc/ipfw.rules"

Here is my /etc/ipfw.rules:

enterprise# more /etc/ipfw.rules
# Loopback
add 00001 allow ip from any to any via lo0
# Office and Home
add 00200 allow ip from xxx xxx xxx xxx xxx to any
add 00201 allow ip from any to xxx xxx xxx xxx
add 00202 allow all from xxx xxx xxx xxx to any
add 00203 allow all from any to xxx xxx xxx xxx
# Allow fxp0 out
add 00204 allow all from any to any out
# Allow local net
add 02000 allow ip from any to any via fxp1
# email
add 04000 allow all from xxx xxx xxx xxx to any
add 04010 allow all from any to xxx xxx xxx xxx
add 04020 allow all from xxx xxx xxx xxx to any
add 04030 allow all from any to xxx xxx xxx xxx
add 04040 allow tcp from any to any 25,587
add 04050 allow tcp from any 25,587 to any
# Bruteblock
add 08000 deny ip from table(1) to me
add 08001 deny ip from me to table(1)
add 09050 allow udp from any to any 53 in
# Email Test
add 09100 allow icmp from any to any icmptypes 0,3,4,5,8,9,10,11,12,13,14,15,16,17,18
add 65535 deny ip from any to any

Oddly enough, I have several machines that are set up identically and this is the only one that has sticky rules from /etc/rc.firewall.

Anyone have any idea what knob might have been turned that causes the sticky startup rules?

-Grant
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


--
Dave Robison
Sales Solution Architect II
FIS Banking Solutions
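An added example, written for this thread rather than taken from either message or from FreeBSD's own rc scripts: a POSIX sh check that compares a captured `ipfw -a list` against the rules file named in firewall_type, so that rules the base rc.firewall adds on its own (such as setup_loopback's 100, 200 and 300) stand out from the ones you wrote. It assumes the file uses the `add NNNNN body` syntax shown above; the sample dump and rules are constructed, and the address 192.0.2.10 is a documentation placeholder.

```sh
#!/bin/sh
# Added example, not code from the thread: flag ipfw rules that are active
# but absent from the rules file named in firewall_type.
# Assumed formats: `ipfw -a list` prints "NNNNN pkts bytes body";
# the rules file holds "add NNNNN body" lines (comments and blanks ignored).
# Note: ipfw lists "pass all" (the rc.firewall spelling) as "allow ip".

# Constructed `ipfw -a list` output: 100/200/300 are setup_loopback's rules.
LIVE_SAMPLE='00100      5       420 allow ip from any to any via lo0
00200      0         0 deny ip from any to 127.0.0.0/8
00300      0         0 deny ip from 127.0.0.0/8 to any
00001     10       840 allow ip from any to any via lo0
00200      3       180 allow ip from 192.0.2.10 to any
65535     42      3100 deny ip from any to any'

# Constructed /etc/ipfw.rules content (192.0.2.10 is a documentation address).
RULES_SAMPLE='# Loopback
add 00001 allow ip from any to any via lo0
# Office
add 00200 allow ip from 192.0.2.10 to any
add 65535 deny ip from any to any'

# find_stray_rules LIVE RULES: print "number body" for every live rule whose
# (number, body) pair has no "add" line in RULES. Matching on the pair, not
# the number alone, keeps rc.firewall's 200 separate from the file's 00200.
find_stray_rules() {
    printf '%s\n' "$2" "---" "$1" | awk '
        /^---$/ { in_live = 1; next }
        !in_live {
            if ($1 != "add") next
            num = $2 + 0; body = $3
            for (i = 4; i <= NF; i++) body = body " " $i
            known[num " " body] = 1
            next
        }
        NF >= 4 {
            num = $1 + 0; body = $4
            for (i = 5; i <= NF; i++) body = body " " $i
            key = num " " body
            if (!(key in known) && !seen[key]++) print key
        }'
}

# On a live box: find_stray_rules "$(ipfw -a list)" "$(cat /etc/ipfw.rules)"
find_stray_rules "$LIVE_SAMPLE" "$RULES_SAMPLE"
```

Anything the check prints came from somewhere other than your rules file, which on a stock rc.firewall means the loopback rules it installs before your file, a good first thing to confirm before hunting for a misconfigured knob.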
