Reload rules

Ian Smith smithi at nimnet.asn.au
Thu Feb 2 14:52:43 UTC 2017


On Thu, 2 Feb 2017 12:08:31 -0200, Francisco Ramon wrote:

 > Hello!

 > I'm trying to build an IPFW script and I'm using some dynamic rules 
 > (with keep-state). The problem occurs when I need to restart the 
 > script, to reload new or edited rules... When I execute the "ipfw -f 
 > flush", of course dynamic rules are erased. The problem is: Some or 
 > all of them in my case, should not be erased. Is there any 
 > possibility to reload the rules, keeping the dynamic rules?

I don't know (by trying it) whether this will work, but ipfw(8) says:

     set set_number
	[..]
	Set 31 is special in that it cannot be disabled, and rules in set
	31 are not deleted by the ipfw flush command (but you can delete
	them with the ipfw delete set 31 command).  Set 31 is also used
	for the default rule.

So you could try adding your dynamic rules to set 31 and check that they 
(and unexpired dynamic flows) survive a flush, with 'ipfw -ted show' ?

cheers, Ian
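
A way to run the check suggested above on a test host, as an added example that is not part of the original message: it places two stateful rules in set 31, flushes, reloads the remaining rules, and compares the set 31 listing before and after. Rule numbers 100 and 200, the rule bodies and the `/etc/ipfw.rules` path are constructed assumptions.

```shell
#!/bin/sh
# Added example: test whether rules kept in set 31 survive "ipfw -f flush".
# Rule numbers, rule bodies and RULES_FILE are constructed placeholders.
# Run from the console: a flush leaves only set 31, including the default rule.

RULES_FILE="${RULES_FILE:-/etc/ipfw.rules}"  # assumed path to the other rules

# Put the stateful rules into set 31; drop earlier copies so reruns are clean.
add_stateful_set31() {
    ipfw -q delete 100 200 2>/dev/null
    ipfw -q add 100 set 31 check-state &&
    ipfw -q add 200 set 31 allow tcp from me to any setup keep-state
}

# Static rules currently in set 31 (the default rule is listed here too).
snapshot_set31() {
    ipfw set 31 list
}

# Flush, reload the ordinary rules, then compare set 31 before and after.
# Returns 0 if unchanged, 1 if the listing differs, 2 if an ipfw call failed.
reload_and_verify() {
    before=$(snapshot_set31) || return 2
    ipfw -q -f flush || return 2
    ipfw -q "$RULES_FILE" || return 2
    after=$(snapshot_set31) || return 2

    # Dynamic flows are only printed for manual review: whether they
    # outlive the flush is the open question in the message above.
    ipfw -ted show

    if [ "$before" = "$after" ]; then
        echo "set 31 rules intact after flush"
        return 0
    fi
    echo "set 31 rules changed across flush" >&2
    return 1
}
```

Call `add_stateful_set31` once, open a test connection, then run `reload_and_verify` and look for that flow in the `ipfw -ted show` output.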