conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should execute $firewall_script not read it
AT Matik
asstec at matik.com.br
Tue Apr 3 11:04:37 UTC 2007
On Tuesday 03 April 2007 07:03, Mike Makonnen wrote:
> I'm not sure I understand. Are you saying the firewall should be enabled
> in a precmd() subroutine? If so, I don't think that's a good idea. The
> firewall should be enabled only after the firewall script has been
> *successfully* loaded.
I see your point, but first tell me: how do you know that the rules are
*successfully* loaded?

This is about /etc/rc.d/ipfw, OK. ipfw_start checks if the firewall script
exists and reads it, which was wrong for a long time and is fortunately fixed
now, so it executes it now.

Then it checks if rule 65535 returns "65535 deny ip from any to any", which
is also wrong and is OK only on a stock kernel/ipfw with default to deny.

Then at the end, regardless of any former checks, ipfw_start enables
net.inet.ip.fw.enable, which is obviously wrong.

First of all, there is no check whether it should do so or not; it does not
even check if ipfw is loaded or not, ipfw_precmd might have failed, or ipfw
is default to accept.
João
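
The checks this message says are missing before `net.inet.ip.fw.enable` is set, written out as an added example; it is not the FreeBSD `rc.d/ipfw` code and not from either poster. The function name `ipfw_guarded_enable`, its return codes and the "more than the default rule" criterion are assumptions.

```shell
#!/bin/sh
# Added example, not the FreeBSD rc.d/ipfw script.
# SYSCTL and IPFW can be overridden, so the logic runs without an ipfw kernel.
: "${SYSCTL:=sysctl}"
: "${IPFW:=ipfw}"

# ipfw_guarded_enable SCRIPT   (hypothetical helper; return codes are assumptions)
#   0 enabled, 1 ipfw absent, 2 script unreadable, 3 script failed,
#   4 nothing loaded beyond the default rule
ipfw_guarded_enable() {
    script=$1

    # 1. The sysctl node exists only when ipfw is compiled in or loaded.
    if ! $SYSCTL -n net.inet.ip.fw.enable >/dev/null 2>&1; then
        echo "ipfw not available; firewall state left untouched" >&2
        return 1
    fi

    # 2. The rules script must be there to execute.
    if [ ! -r "$script" ]; then
        echo "cannot read $script" >&2
        return 2
    fi

    # 3. Execute it (not source it) and require a zero exit status.
    if ! /bin/sh "$script"; then
        echo "$script failed; not enabling" >&2
        return 3
    fi

    # 4. Count loaded rules instead of matching the text of rule 65535,
    #    whose action depends on the kernel default (deny or accept).
    #    Assumed criterion: at least one rule besides the default one.
    nrules=$($IPFW list 2>/dev/null | grep -c . || true)
    if [ "${nrules:-0}" -le 1 ]; then
        echo "only the default rule is loaded; not enabling" >&2
        return 4
    fi

    # 5. Only now switch packet filtering on.
    $SYSCTL net.inet.ip.fw.enable=1 >/dev/null
}
```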