Enable ipfw without rebooting

Oliver Fromme olli at lurza.secnetix.de
Wed Sep 28 05:24:22 PDT 2005


Achim Patzner <ap at bnc.net> wrote:
 > Oliver Fromme wrote:
 > > No.  Performing a reboot is a rather bad idea.
 > 
 > Actually _loading kernel modules you haven't been using before_  

Lots of people have been using it before.  (Personally I
prefer to compile it statically in the kernel, though.)

 > without scheduling a reboot (which can be cancelled just as easily as  
 > removing an at job) is (not only in my opinion) a stupid idea.

Apropos ideas:  Not having remote console access to a
machine which is located at 800 km distance is (not only
in my opinion) a stupid idea.  ;-)

 > > A much better way would be a small "at" job that inserts
 > > an appropriate "allow" rule:
 > 
 > Where's the advantage?

A solution that doesn't require a reboot is always better,
especially on production machines.
This isn't Windows, after all.

For changing (and testing) rules, there's an even more
elegant (and non-disruptive) solution, see:
/usr/share/examples/ipfw/change_rules.sh

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

Passwords are like underwear.  You don't share them,
you don't hang them on your monitor or under your keyboard,
you don't email them, or put them on a web site,
and you must change them very often.
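
The safety net discussed in this thread (an "at" job that inserts an "allow" rule, scheduled before ipfw is loaded), as an added example that is not code from the post or from FreeBSD. The rule number 1, the 5 minute delay and the function names are assumptions; with the default DRY_RUN=1 it only prints the steps.

```shell
#!/bin/sh
# Added example: load ipfw on a remote host with a timed fallback.
# Assumptions (not from the thread): rule number 1, a 5 minute delay,
# run as root on FreeBSD. DRY_RUN=1 (default) prints the steps only.

RULE_NUM=${RULE_NUM:-1}
DELAY_MIN=${DELAY_MIN:-5}
DRY_RUN=${DRY_RUN:-1}

# Command the at job runs if the session is lost: a catch-all allow
# rule numbered low enough to be evaluated first.
rescue_cmd() {
    echo "/sbin/ipfw -q add ${RULE_NUM} allow ip from any to any"
}

# Pull the job number out of at(1)'s "Job N will be executed ..." line.
parse_at_job() {
    sed -n 's/^[Jj]ob \([0-9][0-9]*\) .*/\1/p'
}

# The steps in the order they must happen: fallback first, module second.
plan() {
    echo "echo '$(rescue_cmd)' | at now + ${DELAY_MIN} minutes"
    echo "kldload ipfw"
    echo "atrm <job>   # only after confirming the session still works"
}

enable_ipfw() {
    if [ "$DRY_RUN" = 1 ]; then
        plan
        return 0
    fi
    # Schedule the fallback BEFORE touching the firewall; refuse to
    # continue if the job could not be queued.
    job=$(rescue_cmd | at now + "${DELAY_MIN}" minutes 2>&1 | parse_at_job)
    [ -n "$job" ] || { echo "could not schedule rescue job" >&2; return 1; }
    # If the module fails to load there is nothing to rescue: drop the job.
    kldload ipfw || { atrm "$job"; return 1; }
    echo "ipfw loaded; rescue job $job fires in ${DELAY_MIN} min."
    echo "If this session still works, cancel it with: atrm $job"
}

enable_ipfw
```

If the rescue job is left in place it will later insert the catch-all allow rule ahead of any real ruleset, so it has to be removed with atrm once access is confirmed.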


More information about the freebsd-ipfw mailing list