Enable ipfw without rebooting
Achim Patzner
ap at bnc.net
Wed Sep 28 04:36:51 PDT 2005
On 28.09.2005 at 13:04, Oliver Fromme wrote:
>>> Try loading the IPFW KLD ("kldload ipfw").
>>
>> And remember - doing a "shutdown -r +10" before trying might be a
>> good idea - last time I did this I found out the hard way that the
>> kernel module was built with a default action of "deny all from any
>> to any".
>
> No. Performing a reboot is a rather bad idea.
Actually _loading kernel modules you haven't been using before_
without scheduling a reboot (which can be cancelled just as easily as
removing an at job) is (not only in my opinion) a stupid idea.
> A much better way would be a small "at" job that inserts
> an appropriate "allow" rule:
Where's the advantage? A reboot (on a well-maintained machine) should
get me back to the state it was in before I started tinkering with
kernel modules. And shutdown is astonishingly resilient - if the
kernel didn't find a way to merrily spin around a lock in a place the
sun doesn't reach, it usually works.
The same applies to other devices (e.g. Cisco routers), too. I'm a
Barbarian - why should I argue with ipfw if a battle axe would get
the same result more comfortably?
Achim
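
The precaution discussed in this thread, written out as a script. This is an added example, not part of the original message; the temporary allow rule and its number 65000, the sample rule listing and the script name are assumptions, and by default it is a dry run that only prints the commands.

```sh
#!/bin/sh
# Added example, not from the thread: guarded first load of ipfw on FreeBSD.
# DRY_RUN=1 (the default) only prints commands; DRY_RUN=0 runs them as root.
DRY_RUN="${DRY_RUN:-1}"
# Constructed sample of `ipfw list` output, used only in dry-run mode.
SAMPLE_RULES='65535 deny ip from any to any'

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Read `ipfw list` output on stdin; print the action of the built-in last
# rule 65535 ("deny" or "allow"), or "unknown" if that rule is not listed.
default_action() {
    action=unknown
    while read -r num act _rest; do
        if [ "$num" = 65535 ]; then action="$act"; fi
    done
    echo "$action"
}

guarded_load() {
    # Safety net from the thread: a reboot that happens unless cancelled.
    run shutdown -r +10 "ipfw test: rebooting unless cancelled" || return 1
    run kldload ipfw || return 1
    if [ "$DRY_RUN" = 1 ]; then rules="$SAMPLE_RULES"; else rules="$(ipfw list)"; fi
    action="$(printf '%s\n' "$rules" | default_action)"
    echo "default rule action: $action"
    if [ "$action" != allow ]; then
        # Assumed temporary rule (number 65000 is arbitrary); replace it
        # with a real ruleset once access is confirmed.
        run ipfw add 65000 allow ip from any to any
    fi
    echo "Confirm access from a new session, then cancel: pkill -x shutdown"
}

# Run only when asked explicitly, e.g.: DRY_RUN=0 sh guarded_ipfw.sh --apply
if [ "${1:-}" = "--apply" ]; then guarded_load; fi
```

If the default rule turns out to be deny and the session is lost before the allow rule goes in, the scheduled reboot still brings the machine back without the module.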