Thanks to all who replied, lots of food for thought!
Maybe my setup is a little different than what people use because I have different rule sets in /etc/rc.firewall
>>(which is the default with OPEN, SIMPLE and CLIENT)
>>[...]
>>Good advice against lock-outs though. Is it generally the preferred approach to use different files for different
>>rules, rather than keep sets in /etc/rc.firewall?
I usually keep a bunch of ipfw rulesets around in files named /etc/ipfw.xxxx or /etc/ipf.yyyy and then set my firewall_type="" (or ipfilter_rules="") to the full path (it *is* important to use the full path, at least for ipfw rulesets) when switching among them:
    # ipfw -q /etc/ipfw.open
    # ipfw -q /etc/ipfw.paranoid
>>And if so, how do you set this up in /etc/rc.conf, since
>>the firewall type by default looks at rc.firewall...
There is a post I made in -questions a while ago that explains all this in a bit of detail. Look at the archives, please..
Right now my ISP is having serious problems and I can't reach google.com at all, but look at groups.google.com for something like this:
author:keramidas & group:*freebsd* & ipfw & firewall_type
and you shouldn't have trouble spotting the correct post.
> Using the same approach as writing a script to carry out the sh /etc/rc.firewall command.
> You could either have different scripts to pass the
> firewall_type variable and then do the firewall rules e.g.:
>
> open-firewall.sh:
> ---
> #!/bin/sh
> FIREWALL_TYPE="OPEN"
> sh /etc/rc.firewall
> ---
Nope, that will probably not work...
Capitalization does matter. It's firewall_type in all lowercase. Not FIREWALL_TYPE. But then, even if you get the capitalization right, rc.firewall will load rc.conf and override this value from the environment the script runs in.
> I'm really not a shell scripting person (networking is my area),
> so I can't say this will definitely work but... kind of sounds
> right. Perhaps someone with more shell scripting expertise can
> comment.
It'll work fine if rc.conf doesn't override firewall_type :-)
Let me know how you get on. Wouldn't mind knowing for sure what's the correct approach.
I tried to outline all possible ways of loading rules with the rc.firewall script, without it, manually or whatever in the post mentioned above. Just search the archives. I can't help you with the searching ATM :-/
- Giorgos
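
The override described in the reply above can be reproduced without touching a live firewall. This is an added example, not part of the original message and not FreeBSD's rc.firewall: a constructed stand-in script and constructed config files (the names `make_conf` and `run_standin` are hypothetical) show which firewall_type wins in each case.

```shell
#!/bin/sh
# Constructed stand-in, NOT the real /etc/rc.firewall: it sources a config
# file first (as the reply says rc.firewall does with rc.conf), then prints
# the firewall_type it would act on.
unset firewall_type FIREWALL_TYPE
TMPL="${TMPDIR:-/tmp}/fwdemo.XXXXXX"

# make_conf LINE: write a one-line constructed "rc.conf", print its path.
make_conf() {
    f=$(mktemp "$TMPL") || return 1
    printf '%s\n' "$1" > "$f"
    echo "$f"
}

# run_standin CONF VAR=VALUE: run the stand-in in a child sh with VAR=VALUE
# in its environment and print the resulting firewall_type (or UNSET).
run_standin() {
    standin=$(mktemp "$TMPL") || return 1
    cat > "$standin" <<'EOF'
. "$1"
echo "${firewall_type:-UNSET}"
EOF
    env "$2" sh "$standin" "$1"
    rc=$?
    rm -f "$standin"
    return $rc
}

conf_sets=$(make_conf 'firewall_type="/etc/ipfw.paranoid"')
conf_silent=$(make_conf '# firewall_type not set here')

# 1. Upper case: nothing reads FIREWALL_TYPE, the config value is used.
case_upper=$(run_standin "$conf_sets" 'FIREWALL_TYPE=OPEN')
# 2. Lower case, but the sourced config overrides the environment value.
case_lower=$(run_standin "$conf_sets" 'firewall_type=OPEN')
# 3. Lower case and a config that does not set it: the value survives.
case_free=$(run_standin "$conf_silent" 'firewall_type=OPEN')
# 4. Upper case and a silent config: firewall_type is never set at all.
case_none=$(run_standin "$conf_silent" 'FIREWALL_TYPE=OPEN')

echo "upper=$case_upper lower=$case_lower free=$case_free none=$case_none"
rm -f "$conf_sets" "$conf_silent"
```

The stand-in is given the variable through `env`, so it really is in the child's environment; a plain assignment without `export`, as in the quoted open-firewall.sh, would not even reach the child shell.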