rc.firewall script not running at system boot
The Admiral
xxadmiralxx at gmail.com
Thu Feb 1 21:28:07 UTC 2007
We had a power outage last night and I arrived at work today to find that
one of our machines no longer has network access (one of the few machines
not on a battery backup unit). I checked to see what firewall rules were
enabled and the only one that was active was to deny all. It seems as
though my rc.firewall script wasn't run automatically when the system
booted. I rebooted to double check and sure enough the only rule enabled
was the deny all rule. My rc.conf file has the following:
---------------------------------------------------------------
hostname="dev"
ifconfig_em0="inet 192.168.1.120 netmask 255.255.255.0"
ifconfig_vr0="inet 224.87.34.72 netmask 255.255.255.248" #real IP hidden on purpose
defaultrouter="224.87.34.71"
gateway_enable=YES
firewall_enable="YES" # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="client" # Firewall type (see /etc/rc.firewall)
---------------------------------------------------------------
My kernel configuration file has the following:
---------------------------------------------------------------
options IPFIREWALL # required to use ipfw
options IPFIREWALL_FORWARD
options IPDIVERT # required for natd
options IPFIREWALL_VERBOSE # Enables logging of packets that pass through IPFW and have the 'log' keyword specified in the rule set.
---------------------------------------------------------------
When I run the rc.firewall script directly (sudo /etc/rc.firewall client)
all my rulesets are enabled as they should; however, the rc.firewall file
isn't being executed at system boot, which I'd like to resolve, since it
means that the machine will be inaccessible if the machine is rebooted for
whatever reason, and no one is there to manually execute the firewall script
from the console. The strange thing is, the last time I manually rebooted
the machine, the script was executed without a problem. The machine hasn't
been rebooted for a while though, and a lot of the software has been updated
in the meantime, so I'm thinking that may be the cause, but I'm still unsure
how to go about fixing this. Any help is greatly appreciated, thanks.
Mike