IPFW disconnections and resets

Michael Scheidell scheidell at secnap.net
Fri Apr 29 05:17:50 PDT 2005


> 
> I use that all the time, maybe 1 out of 100 times it will kill
> an ssh session (only one that has irssi open, because of the time
> updating it kills it; I have it set to update every second
> though, so normally it'd be like 1 out of 500 or so) and even
> if it does, it still finishes loading the ruleset anyway so
> you can just ssh straight back in

I used

  # disable ipfw, load the new rules, re-enable, then reboot in 60s unless ^C'd
  sysctl -w net.inet.ip.fw.enable=0 && firewall.sh && \
  sysctl -w net.inet.ip.fw.enable=1 && sleep 60 && reboot

and I would hit a ^C to stop the sleep and reboot if I didn't whack the
firewall rules.
The reboot would put it back to the rc.conf firewall.

Never got disconnected.

Only window of vulnerability was while loading new firewall rules.

Yours is safer.

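The dead man's switch both posters describe (arm a timed revert, load the new rules, cancel the revert once you can still log in) written out as a small sh script for FreeBSD ipfw. This is an added example, not code from this thread or from FreeBSD; the script name safe_fw_reload.sh, the default paths, and the use of /etc/rc.d/ipfw restart as the revert command are assumptions. Unlike a bare "sleep 60 && reboot" typed into the session, the timer ignores SIGHUP, so it still fires if the new ruleset drops the ssh connection that started it, and it reverts to the rc.conf ruleset instead of rebooting the box.

```shell
#!/bin/sh
# safe_fw_reload.sh - dead man's switch for loading a new ipfw ruleset over ssh.
# Added example, not code from the original post.  Assumed (hypothetical) defaults:
#   NEW_RULES  - script that installs the candidate ruleset
#   REVERT_CMD - command that puts the known-good rc.conf ruleset back
#   GRACE      - seconds to wait for confirmation before REVERT_CMD runs
#   PIDFILE    - where the pending timer's PID is recorded
NEW_RULES="${NEW_RULES:-/usr/local/etc/firewall.sh}"
REVERT_CMD="${REVERT_CMD:-/etc/rc.d/ipfw restart}"
GRACE="${GRACE:-60}"
PIDFILE="${PIDFILE:-/var/run/fw_revert.pid}"

# Arm the timer.  The subshell ignores SIGHUP (and sleep inherits that), so a
# ruleset that kills the ssh session does not also kill the revert.  The
# timer removes its own PIDFILE when it fires so a late confirm fails cleanly.
schedule_revert() {
    ( trap '' HUP; sleep "$GRACE" && rm -f "$PIDFILE" && eval "$REVERT_CMD" ) \
        </dev/null >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

# Cancel a pending revert.  Returns non-zero if no timer is armed.
confirm() {
    [ -f "$PIDFILE" ] || return 1
    pid=$(cat "$PIDFILE")
    rm -f "$PIDFILE"
    kill "$pid" 2>/dev/null
}

# Arm first, then load, so a ruleset that cuts you off is still reverted.
load_with_revert() {
    schedule_revert
    sh "$NEW_RULES"
}

case "${1:-}" in
    load)    load_with_revert ;;
    confirm) confirm ;;
    "")      ;;   # sourced or run without arguments: define functions only
    *)       echo "usage: $0 load|confirm" >&2; exit 2 ;;
esac
```

Usage: run "safe_fw_reload.sh load" from the ssh session, then, from that session or a fresh one, "safe_fw_reload.sh confirm" within GRACE seconds. If you cannot get back in, the rc.conf ruleset comes back on its own; the only window is still the reload itself, as the post says, but recovery no longer needs a reboot. The revert command is evaluated as shell text, so keep REVERT_CMD to something root already trusts, not user input.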

More information about the freebsd-security mailing list