where am I supposed to put my rc.firewall?

Eric F Crist ecrist at adtechintegrated.com
Fri Jan 30 20:07:44 PST 2004


On Friday 30 January 2004 09:34 pm, JJB wrote:
> firewall_type="/etc/grog.firewall"
>
> is wrong,  replace it with
>
> firewall_script='/etc/grog.firewall'
>
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Eric F Crist
> Sent: Friday, January 30, 2004 8:48 PM
> To: Chuck Swiger
> Cc: freebsd-questions at freebsd.org
> Subject: Re: where am I supposed to put my rc.firewall?
>
> On Friday 30 January 2004 06:54 pm, Chuck Swiger wrote:
> > Eric F Crist wrote:
> > > I'm trying to add IPFW support.  Where do I put my rc.firewall so that it
> > > gets read at boot time?  I've tried /usr/local/etc/rc.d and /etc but
> > > neither seems to get read.
> >
> > Specify the location of your firewall script in /etc/rc.conf like so:
> > firewall_enable='YES'
> > firewall_type='/etc/ERICS_firewall'
> > firewall_flags='-p /usr/bin/cpp'
> >
> > [ You might choose to use some other preprocessor... ]
>
> Well, here's what I have now.  I have a file in /etc called grog.firewall.
> Its contents are:
>
> grog# more grog.firewall
> ipfw -f flush
> ipfw add 100 pass all from any to any via lo0
> ipfw add 200 deny all from any to 127.0.0.0/8
> ipfw add 300 deny ip from 127.0.0.0/8 to any
> ipfw add 600 allow all from any to any
>
> In my /etc/rc.conf file, I have the following two entries pertaining to the
> firewall:
>
> firewall_enable="YES"
> firewall_type="/etc/grog.firewall"
>
> Now, this is a headless system, so I access it through the serial port.  I
> don't see any errors anywhere, but my ipfw show command, immediately after
> boot, shows:
>
> 65535 481 38684 deny ip from any to any
>
> What have I done wrong?
> --
> Eric F Crist
> AdTech Integrated Systems, Inc
> (612) 998-3588

Ok, I'll change that.  This script still seems to cause connection problems.  
Which rules do I need to change?  This should be a wide-open firewall script, 
right?

TIA

-- 
Eric F Crist
AdTech Integrated Systems, Inc
(612) 998-3588
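
The thread turns on the difference between `firewall_type` and `firewall_script` in /etc/rc.conf. As an added example (not part of the original messages), this sh function guesses which variable a given file fits; it assumes FreeBSD's rc behaviour, where a `firewall_script` file is run by sh and a `firewall_type` file is read by ipfw itself, and the names `classify_ipfw_file` and `demo` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Heuristic check of which rc.conf
# variable an ipfw file fits. Assumption (FreeBSD rc behaviour, not stated on
# the page): a firewall_script file is run by sh, while a file named in
# firewall_type is read by ipfw itself, so its lines carry no "ipfw" prefix.
classify_ipfw_file() {
    # Prints one of: firewall_script, firewall_type, mixed, empty
    awk '
        /^[ \t]*(#|$)/ { next }            # ignore comments and blank lines
        # Bare ipfw commands or options, as ipfw expects in a ruleset file
        $1 ~ /^(add|delete|flush|zero|resetlog|pipe|queue)$/ || $1 ~ /^-/ {
            rules++; next
        }
        { script++ }                       # anything else: shell syntax
        END {
            if (script && rules) print "mixed"
            else if (script)     print "firewall_script"
            else if (rules)      print "firewall_type"
            else                 print "empty"
        }' "$1"
}

# Demo on the file quoted in the thread (contents copied from the message).
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
ipfw -f flush
ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
ipfw add 600 allow all from any to any
EOF
    classify_ipfw_file "$f"
    rm -f "$f"
}

demo   # prints: firewall_script
```

A result of `mixed` means the file would fail under either variable and should be rewritten in one form before the next reboot of a headless machine.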