Re: where am I supposed to put my rc.firewall?

From: Eric F Crist (ecrist_at_adtechintegrated.com)
Date: 01/31/04

    To: <Barbish3@adelphia.net>
    Date: Fri, 30 Jan 2004 22:07:24 -0600
    
    
    

    On Friday 30 January 2004 09:34 pm, JJB wrote:
    > firewall_type="/etc/grog.firewall"
    >
    > is wrong, replace it with
    >
    > firewall_script='/etc/grog.firewall'
    >
    > -----Original Message-----
    > From: owner-freebsd-questions@freebsd.org
    > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Eric F Crist
    > Sent: Friday, January 30, 2004 8:48 PM
    > To: Chuck Swiger
    > Cc: freebsd-questions@freebsd.org
    > Subject: Re: where am I supposed to put my rc.firewall?
    >
    > On Friday 30 January 2004 06:54 pm, Chuck Swiger wrote:
    > > Eric F Crist wrote:
    > > > I'm trying to add IPFW support. Where do I put my rc.firewall so that it
    > > > gets read at boot time? I've tried /usr/local/etc/rc.d and /etc but
    > > > neither seems to get read.
    > >
    > > Specify the location of your firewall script in /etc/rc.conf like so:
    > >
    > > firewall_enable='YES'
    > > firewall_type='/etc/ERICS_firewall'
    > > firewall_flags='-p /usr/bin/cpp'
    > >
    > > [ You might choose to use some other preprocessor... ]
    >
    > Well, here's what I have now. I have a file in /etc called grog.firewall.
    > Its contents are:
    >
    > grog# more grog.firewall
    > ipfw -f flush
    > ipfw add 100 pass all from any to any via lo0
    > ipfw add 200 deny all from any to 127.0.0.0/8
    > ipfw add 300 deny ip from 127.0.0.0/8 to any
    > ipfw add 600 allow all from any to any
    >
    > In my /etc/rc.conf file, I have the following two entries pertaining to the
    > firewall:
    >
    > firewall_enable="YES"
    > firewall_type="/etc/grog.firewall"
    >
    > Now, this is a headless system, so I access it through the serial port. I
    > don't see any errors anywhere, but my ipfw show command, immediately after
    > boot, shows:
    >
    > 65535 481 38684 deny ip from any to any
    >
    > What have I done wrong?
    > --
    > Eric F Crist
    > AdTech Integrated Systems, Inc
    > (612) 998-3588

    Ok, I'll change that. This script still seems to cause connection problems.
    Which rules do I need to change? This should be a wide-open firewall script,
    right?

    TIA

    -- 
    Eric F Crist
    AdTech Integrated Systems, Inc
    (612) 998-3588
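
Added example, not part of the original thread: a small check for the mismatch discussed above. FreeBSD's stock rc.firewall hands a file named in firewall_type to ipfw as a rules file, so a file whose lines invoke `ipfw` themselves belongs in firewall_script instead. The helper names and the temporary sample tree are assumptions made for illustration; the two sample files are copied from the message.

```shell
#!/bin/sh
# Added example. rc_value, classify_fw_file, lint_firewall_conf and
# make_sample are hypothetical helper names, not part of FreeBSD.

# Print the last value assigned to VAR in an rc.conf-style FILE.
rc_value() {
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# "script" if any line runs the ipfw command itself, "ruleset" if the file
# holds only bare rule lines (add ..., flush, ...), "empty" otherwise.
classify_fw_file() {
    awk '/^[ \t]*(#|$)/ { next }
         $1 == "ipfw" || $1 ~ /\/ipfw$/ { s++; next }
         { r++ }
         END { print (s ? "script" : (r ? "ruleset" : "empty")) }' "$1"
}

# Check that the file named by firewall_type is a ruleset, not a script.
# ROOT is prepended to the path so the check can run against a copy.
lint_firewall_conf() {
    rc=$1; root=${2:-}
    fw=$(rc_value firewall_type "$rc")
    case $fw in
        /*) ;;
        *)  echo "ok: firewall_type is not a file path"; return 0 ;;
    esac
    [ -r "$root$fw" ] || { echo "missing: $fw"; return 2; }
    kind=$(classify_fw_file "$root$fw")
    if [ "$kind" = script ]; then
        echo "mismatch: $fw runs ipfw itself; use firewall_script=\"$fw\""
        return 1
    fi
    echo "ok: $fw is a $kind"
}

# Constructed sample tree holding the two files quoted in the thread.
make_sample() {
    mkdir -p "$1/etc"
    printf '%s\n' 'firewall_enable="YES"' \
        'firewall_type="/etc/grog.firewall"' > "$1/etc/rc.conf"
    printf '%s\n' 'ipfw -f flush' \
        'ipfw add 100 pass all from any to any via lo0' \
        'ipfw add 200 deny all from any to 127.0.0.0/8' \
        'ipfw add 300 deny ip from 127.0.0.0/8 to any' \
        'ipfw add 600 allow all from any to any' > "$1/etc/grog.firewall"
}

tmp=$(mktemp -d) && make_sample "$tmp"
lint_firewall_conf "$tmp/etc/rc.conf" "$tmp" || true
rm -rf "$tmp"
```

On a live system the same check would be run as `lint_firewall_conf /etc/rc.conf` with no second argument.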
    
    


