Enable ipfw without rebooting

Oliver Fromme olli at lurza.secnetix.de
Wed Sep 28 04:04:08 PDT 2005


Achim Patzner <ap at bnc.net> wrote:
 > 
 > > Try loading the IPFW KLD ("kldload ipfw").
 > 
 > And remember - doing a "shutdown -r +10" before trying might be a  
 > good idea - last time I did this I found out the hard way that the  
 > kernel module was built with a default action of "deny all from any  
 > to any".

No.  Performing a reboot is a rather bad idea.

A much better way would be a small "at" job that inserts
an appropriate "allow" rule:

# echo "/sbin/ipfw add 1 allow ip from any to any" | at + 5 minutes
# kldload ipfw

The same procedure is also useful when activating untested
changes to the IPFW rule sets.  If everything went well and
you didn't get disconnected, use atrm(1) to remove the "at"
job.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.
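
The "at" failsafe described in the message above, wrapped as a script (an added example, not part of the original post or of FreeBSD). It refuses to run the risky change unless the failsafe job is confirmed queued, and removes the job only on explicit confirmation. The function names, the 5-minute delay variable and the assumed at(1) confirmation text ("Job N will be executed using /bin/sh") are assumptions of this example.

```shell
#!/bin/sh
# Dead-man's switch for loading ipfw or applying untested rules remotely.
# Assumption (not from the original post): at(1) confirms a queued job on
# stderr with a line starting "Job N ..." (FreeBSD) or "job N ..." (others).

FAILSAFE_RULE="/sbin/ipfw add 1 allow ip from any to any"  # rule from the post
DELAY_MIN=5

# Extract the numeric job id from at(1)'s confirmation text.
parse_at_job() {
    printf '%s\n' "$1" | sed -n 's/^[Jj]ob \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Queue the failsafe and print its job id; fail if nothing was scheduled.
schedule_failsafe() {
    out=$(echo "$FAILSAFE_RULE" | at now + "$DELAY_MIN" minutes 2>&1) || return 1
    job=$(parse_at_job "$out")
    [ -n "$job" ] || return 1
    echo "$job"
}

# Run the risky command ("$@") only after the failsafe is confirmed queued.
guarded_apply() {
    job=$(schedule_failsafe) || {
        echo "failsafe not queued, refusing to continue" >&2
        return 1
    }
    echo "failsafe queued as job $job, fires in $DELAY_MIN minutes"
    "$@" || echo "command failed; failsafe left in place" >&2
    printf 'Still connected and rules correct? Type yes to cancel failsafe: '
    # If the session is cut off, this read never gets "yes" and the job stays.
    read -r answer
    if [ "$answer" = "yes" ]; then
        atrm "$job" && echo "failsafe job $job removed"
    else
        echo "failsafe job $job left queued"
    fi
}

# Usage: sh guarded.sh run kldload ipfw
if [ "${1:-}" = "run" ]; then
    shift
    guarded_apply "$@"
fi
```

Until the job is removed, rule 1 will open the firewall to all traffic when it fires, so confirm the "failsafe job removed" message before considering the change complete.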

