firewall_enabled: not found mail message (was IPFW custom rules file not loading)

Nicholas Henry nicholas.henry at gmail.com
Sat May 7 09:59:24 PDT 2005


Thank you for your help - I misunderstood the firewall_script and
firewall_type. Everything works well now. Just one annoying problem. I
continually get a mail msg regarding firewall_enabled not found:

From operator at example.domain.ca Sat May  7 12:44:00 2005
Date: Sat, 7 May 2005 12:44:00 -0400 (EDT)
From: operator at example.domain.ca (Cron Daemon)
To: operator at example.domain.ca
Subject: Cron <operator at example> /usr/libexec/save-entropy

firewall_enable: not found

Can anyone tell me how to resolve this issue?

Thanks again,
Nicholas

On 5/3/05, Giorgos Keramidas <keramida at ceid.upatras.gr> wrote:
> On 2005-05-03 15:18, Nicholas Henry <nicholas.henry at gmail.com> wrote:
> > May  3 14:25:22 babe kernel: firewall_enable: not found
> > May  3 14:25:22 babe kernel: ipfw2 initialized, divert disabled, rule-based forwarding dis$
> > May  3 14:25:22 babe kernel: Flushed all rules.
> > May  3 14:25:22 babe kernel: Line 3:
> > May  3 14:25:22 babe kernel: bad command `ipfw'
> > May  3 14:25:22 babe kernel:
> > May  3 14:25:22 babe kernel: Firewall rules loaded, starting divert daemons:
> > May  3 14:25:22 babe kernel: firewall_enable: not found
> > May  3 14:25:22 babe kernel: .
> > May  3 14:25:22 babe kernel: net.inet.ip.fw.enable:
> > May  3 14:25:22 babe kernel: 1
> > May  3 14:25:22 babe kernel: ->
> > May  3 14:25:22 babe kernel: 1
> >
> > I'm referring to the "bad command 'ipfw'" line. I'm also concerned
> > about the "firewall_enable" not found message.
> 
> It's normal.  You're using firewall_type and yet you have written a
> firewall _script_ in /etc/ipfw.rules.
> 
> > ** start rc.conf snippet **
> > firewall_enable="YES"
> > firewall_script="/etc/rc.firewall"
> > firewall_type="/etc/ipfw.rules"
> > firewall_quiet="NO"
> > firewall_logging="NO"
> > firewall_flags=""
> > ** end rc.conf snippet **
> 
> Your firewall_type points to a pathname, so the file should contain
> rules in the form:
> 
>         check-state
>         add allow tcp from any to any 80 keep-state
>         add block ip from any to any
> 
> > ** start ipfw.rules **
> >
> > #!/bin/sh
> > # Flush out the list before we begin.
> > ipfw -q -f flush
> >
> > # Set rules command prefix
> > cmd="ipfw -q add"
> > skip="skipto 801"
> > pif="fxp0"    #found by doing a ifconfig or netstat -nr
> >               # public interface name of NIC
> 
> Your ipfw.rules file is written in the form of a firewall_script.
> The difference between the two is small but important.
> 
> A firewall_type file contains just a set of rules that ipfw(8) will
> parse, without intervention by a shell.
> 
> A firewall_script is executed by the /bin/sh shell, as a normal shell
> script.  One example of what can be used as a firewall_script is
> /etc/rc.firewall (in pre-5.X versions) or /etc/rc.d/ipfw (in FreeBSD
> 5.X or later).
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
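
The distinction drawn in the quoted reply, as an added example that is not part of the thread or of FreeBSD's rc scripts: a heuristic sh check that reports which lines of a rules file are shell syntax and which rc.conf variable the file therefore belongs under. The function names, the sample files and the last rule of the script sample are constructed for illustration.

```sh
#!/bin/sh
# Heuristic lint: is this file a bare ipfw ruleset (firewall_type)
# or a shell script (firewall_script)? Not the rc scripts' own logic.

# Print "LINE: reason" for every line that only a shell can interpret.
shell_syntax_lines() {
    awk '
        /^#!/                           { print NR ": shebang"; next }
        /^[ \t]*#/                      { next }   # plain comment
        /^[ \t]*$/                      { next }   # blank line
        /^[ \t]*ipfw[ \t]/              { print NR ": ipfw command word"; next }
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ { print NR ": variable assignment"; next }
        /\$/                            { print NR ": variable expansion" }
    ' "$1"
}

# Print the rc.conf line that matches the form of the file.
suggest_rc_conf() {
    if [ -n "$(shell_syntax_lines "$1")" ]; then
        printf 'firewall_script="%s"\n' "$1"
    else
        printf 'firewall_type="%s"\n' "$1"
    fi
}

# Constructed sample inputs.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Bare rules, one per line, no shell involved.
cat > "$tmp/rules.type" <<'EOF'
add check-state
add allow tcp from any to any 80 keep-state
add deny ip from any to any
EOF

# Shell-script form; the first lines follow the file quoted in the thread.
cat > "$tmp/rules.sh" <<'EOF'
#!/bin/sh
# Flush out the list before we begin.
ipfw -q -f flush
cmd="ipfw -q add"
pif="fxp0"
$cmd allow tcp from any to any 80 out via $pif keep-state
EOF

shell_syntax_lines "$tmp/rules.sh"
suggest_rc_conf "$tmp/rules.sh"
suggest_rc_conf "$tmp/rules.type"
```

For the script sample the check flags line 3 as an ipfw command word, the same line the boot log above reports as "Line 3: bad command `ipfw'".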

