Strange Failure Mode in FreeBSD 4.11
Martin McCormick
martin at dc.cis.okstate.edu
Thu Jan 12 11:58:10 PST 2006
I now realize that what actually happened here is an incorrect
setup on my part of ipfw. I actually had a similar problem on another
system last summer, thought I had figured it all out, and have a time
bomb waiting if that system happens to reboot since it is set up the
same way. :-)
In the rc.conf.local, I have:
firewall_enable="YES" # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall"
firewall_type="OPEN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
firewall_logging="YES" # Set to YES to enable events logging
firewall_flags="" # Flags passed to ipfw when type is a file
That makes ipfw load the rules in rc.firewall just fine. In
rc.firewall, there is a place where one can include a table of local
rules and that's where I am doing something wrong. The place in
rc.firewall reads:
# filename - will load the rules in the given filename (full path required)
So, I have tried various forms of
filename /etc/firewall_rules.ns
and even
filename - /etc/firewall_rules.ns
ipfw nicely loads the rules in rc.firewall and then complains
about filename not found.
I even just stuck the path and file name in a line under
# filename - will load the rules in the given filename (full path required)
I wasn't surprised when it didn't like that either.
If I replace rc.firewall with firewall_rules.ns, then only
those rules get added, which is why the TCP/IP stack appeared dead.
What do I need to put in /etc/rc.firewall so it just includes
/etc/firewall_rules.ns like the #include directive usually does?
Many thanks.
Martin McCormick WB5AGZ Stillwater, OK
OSU Information Technology Department Network Operations Group
.-- -... ..... .- --. --..
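
Added example, not part of the original post and not the stock FreeBSD script: a simplified model of how rc.firewall dispatches on firewall_type, assuming (as the "filename" comment quoted above suggests) that any unrecognised value is treated as the full path of a rules file given in rc.conf rather than as a command inside the script. The function name load_ruleset, the echo-only fwcmd, the error message and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Simplified model (an assumption, not the stock script) of how
# /etc/rc.firewall selects a ruleset from firewall_type in rc.conf.
# fwcmd only echoes, so nothing here touches a real firewall.
fwcmd="echo ipfw"

load_ruleset() {
    firewall_type="$1"   # e.g. firewall_type="/etc/firewall_rules.ns"
    firewall_flags="$2"  # e.g. firewall_flags="-q"
    case "${firewall_type}" in
    [Oo][Pp][Ee][Nn])
        # Built-in type: allow everything.
        ${fwcmd} add 65000 pass all from any to any
        ;;
    [Cc][Ll][Oo][Ss][Ee][Dd])
        # Built-in type: no rules added, only the kernel default applies.
        ;;
    *)
        # "filename" case: the value of firewall_type is itself the
        # path, handed to ipfw so that it reads the rules from the file.
        if [ -r "${firewall_type}" ]; then
            ${fwcmd} ${firewall_flags} "${firewall_type}"
        else
            # Added for the demo: report the skip instead of staying silent.
            echo "rules file not readable: ${firewall_type}" >&2
            return 1
        fi
        ;;
    esac
}

# Constructed sample rules standing in for /etc/firewall_rules.ns.
demo_rules=$(mktemp)
cat > "${demo_rules}" <<'EOF'
add 100 pass all from any to any via lo0
add 65000 pass all from any to any
EOF

load_ruleset OPEN ""                # built-in open ruleset
load_ruleset "${demo_rules}" "-q"   # rules come from the file
load_ruleset /nonexistent/rules "" || echo "no rules loaded from file"
rm -f "${demo_rules}"
```

In this model a file-based firewall_type loads only what the file contains, so the file has to carry its own loopback and pass rules, which matches the dead-looking stack described in the post.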