firewall

K Anderson freebsduser at comcast.net
Tue Jul 15 02:49:00 PDT 2003



Ryan Thompson wrote:
> K Anderson wrote to RYAN vAN GINNEKEN:
> 
> 
>>ipfw isn't some sort of daemon to be stopped and started. If you want
>>to add rules, delete rules or what ever then  you just do it.
> 
> 
> Yes, unless you're doing this over a network, in which case you want to
> make sure you don't break connectivity with an intermediate rule.
> 
> 
>>Take a look at the script in /etc/rc.firewalls and you'll see that's all
>>they are doing.
>>
>>so  your firewall file should be  a shell script. Even if you do man
>>ipfw you'll see that in no way does ipfw accept a file name as an
>>argument.  Pretty simple eh?
> 
> 
> While you can write a shell script to call firewall rules (in the style
> of /etc/rc.firewall), you're wrong in your subsequent assertion; ipfw
> *does* accept a pathname to a file which, according to ipfw(8):
> 
>      To ease configuration, rules can be put into a file which is processed
>      using ipfw as shown in the first synopsis line.  An absolute pathname
>      must be used.  The file will be read line by line and applied as argu-
>      ments to the ipfw utility.
> 
> And, actually, this is pretty darn convenient, especially in conjunction
> with firewall_type="/path/to/ruleset" in rc.conf, once you have tested
> the ruleset, of course. :-)
> 
> - Ryan
> 
Hmmm, pretty neat. I re-read the man page for it and yep, it sure does 
take a file name (like you all said, and the man page said, an absolute 
path. Doh).

Thanks for the response.

:)



More information about the freebsd-questions mailing list