firewall
K Anderson
freebsduser at comcast.net
Tue Jul 15 02:49:00 PDT 2003
Ryan Thompson wrote:
> K Anderson wrote to RYAN vAN GINNEKEN:
>
>
>>ipfw isn't some sort of daemon to be stopped and started. If you want
>>to add rules, delete rules or what ever then you just do it.
>
>
> Yes, unless you're doing this over a network, in which case you want to
> make sure you don't break connectivity with an intermediate rule.
>
>
>>Take a look at the script in /etc/rc.firewalls and you'll see that's all
>>they are doing.
>>
>>so your firewall file should be a shell script. Even if you do man
>>ipfw you'll see that in no way does ipfw accept a file name as an
>>argument. Pretty simple eh?
>
>
> While you can write a shell script to call firewall rules (in the style
> of /etc/rc.firewall), you're wrong in your subsequent assertion; ipfw
> *does* accept a pathname to a file which, according to ipfw(8):
>
> To ease configuration, rules can be put into a file which is processed
> using ipfw as shown in the first synopsis line. An absolute pathname
> must be used. The file will be read line by line and applied as arguments
> to the ipfw utility.
>
> And, actually, this is pretty darn convenient, especially in conjunction
> with firewall_type="/path/to/ruleset" in rc.conf, once you have tested
> the ruleset, of course. :-)
>
> - Ryan
>
Hmmm, pretty neat. I re-read the man page for it and yep, it sure does
take a file name (like you all said, and the man page said, an absolute
path. Doh).
Thanks for the response.
:)
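As an added example (not from the original thread, and not FreeBSD's own rc.firewall): a ruleset file in the form ipfw(8) reads when handed an absolute pathname, written and loaded from a POSIX sh script, with a check for the absolute-path requirement the man page states and a watchdog for the pitfall Ryan raises about reloading rules over the network. The path /etc/ipfw.rules, the rule numbers and the 90-second grace period are assumptions, not anything from the thread.

```shell
#!/bin/sh
# Added example, not from the original post. Each line of the ruleset file
# is a set of ipfw(8) arguments, exactly as if typed after "ipfw ".
# Path is an assumption; pick your own.
RULESET=/etc/ipfw.rules

# Write a small stateful ruleset. "-f flush" clears the old rules first,
# and the ssh allow comes before the catch-all deny so a remote session
# is never cut by an intermediate rule.
write_ruleset() {
    cat > "$1" <<'EOF'
-f flush
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from any to me 22 in setup keep-state
add 400 allow ip from me to any out keep-state
add 65000 deny log ip from any to any
EOF
}

# ipfw(8) only accepts an absolute pathname for a ruleset file.
is_absolute() {
    case "$1" in
        /*) return 0 ;;
        *)  return 1 ;;
    esac
}

# Number of non-blank lines, i.e. the number of ipfw invocations the file
# will produce when loaded.
rule_count() {
    grep -c -v '^[[:space:]]*$' "$1"
}

# Load a ruleset with a safety net for remote work: a background job
# reopens the firewall after $2 seconds (assumed default 90). If the new
# rules lock you out, connectivity comes back on its own; if they don't,
# kill the watchdog once you have confirmed the session survived.
load_ruleset() {
    file=$1
    grace=${2:-90}
    is_absolute "$file" || { echo "ipfw needs an absolute path: $file" >&2; return 1; }
    ( sleep "$grace" && ipfw -f flush && ipfw add 65000 allow ip from any to any ) &
    watchdog=$!
    ipfw "$file" || return 1
    echo "rules loaded; run 'kill $watchdog' once you know the connection survived"
}

# Usage (as root, on a FreeBSD host with ipfw loaded):
#   write_ruleset "$RULESET"
#   load_ruleset "$RULESET" 90
```

Once the file has been tested this way, `firewall_enable="YES"` and `firewall_type="/etc/ipfw.rules"` in /etc/rc.conf make rc.firewall load the same file at boot, which is the convenience Ryan points to above.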