bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start"
Chris St Denis
chris at smartt.com
Mon Dec 20 18:10:11 UTC 2010
The following reply was made to PR bin/153252; it has been noted by GNATS.
From: Chris St Denis <chris at smartt.com>
To: bug-followup at FreeBSD.org, AlexJ at freebsd.forum
Cc:
Subject: Re: bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start"
Date: Mon, 20 Dec 2010 09:45:04 -0800
If I understand this problem correctly, the lockdown is caused by the
ssh session getting killed off between the "${fwcmd} -f flush" and the
subsequent add rules in rc.firewall (or other user-defined custom script).
If this is the case, couldn't the issue be resolved with a simple patch
along the lines of this?
--- ipfw.old 2010-12-20 09:41:02.000000000 -0800
+++ ipfw 2010-12-20 09:42:02.000000000 -0800
@@ -43,7 +43,7 @@
[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
if [ -r "${firewall_script}" ]; then
- /bin/sh "${firewall_script}" "${_firewall_type}"
+ /usr/bin/nohup /bin/sh "${firewall_script}"
"${_firewall_type}"
echo 'Firewall rules loaded.'
elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ];
then
echo 'Warning: kernel has firewall functionality, but' \
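Review bot: the nohup(1) wrapper on the `+` line only stops SIGHUP from reaching the child; it does nothing about the window between `${fwcmd} -f flush` and the following `add` rules, so the session is still dropped and the `echo 'Firewall rules loaded.'` that stays in the parent shell is lost with it. Two practical problems with the line as written: nohup writes the script's output to `nohup.out` in the current working directory whenever stdout is a terminal, so invoking the rc script interactively as root leaves that file wherever the admin happened to be (redirect stdout/stderr explicitly, or put `trap '' HUP` at the top of the script instead of relying on nohup); and as rendered here `"${_firewall_type}"` sits on its own line after `+ /usr/bin/nohup /bin/sh "${firewall_script}"`, which, if the break is in the patch file rather than a mail wrap, drops the firewall type argument and runs the type name as a separate command. If the goal is to remove the lockout rather than survive it, rc.firewall could build the new rules in a disabled ipfw set and `set swap` it into place instead of flush-then-add.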
--
Chris St Denis
Programmer
SmarttNet (www.smartt.com)
Ph: 604-473-9700 Ext. 200
-------------------------------------------
"Smart Internet Solutions For Businesses"
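Added example, not from the PR or its author: a POSIX sh loader that removes the flush-then-add window described above by staging the new rules in a disabled ipfw set and swapping it live in one command. IPFW, STAGE_SET, the one-rule-per-line file format and the sample ruleset are assumptions.

```shell
#!/bin/sh
# Atomic ipfw reload: build the new ruleset in a disabled scratch set, then
# "set swap" it with the live set, so the table is never empty in between.
# IPFW may be pointed at a wrapper or shell function for dry runs (assumed).
IPFW="${IPFW:-/sbin/ipfw}"
STAGE_SET=1   # scratch set (assumed free); set 0 holds the live rules

# Constructed sample ruleset (not from the PR); one rule body per line.
sample_rules() {
    cat <<'EOF'
# keep the management session alive first
allow tcp from any to me 22 keep-state
allow ip from any to any via lo0
check-state
allow tcp from me to any setup keep-state
deny log ip from any to any
EOF
}

# Load the rules file $1 into the scratch set, then swap it live.
load_rules_atomically() {
    rules_file="$1"
    trap '' HUP                                          # outlive the ssh session
    "$IPFW" -q delete set "$STAGE_SET" 2>/dev/null || true   # clear a failed run
    "$IPFW" -q set disable "$STAGE_SET" || return 1      # staged rules must not match yet
    while read -r body; do
        case "$body" in ''|'#'*) continue ;; esac        # skip blanks and comments
        # the rule body is deliberately word-split into ipfw arguments
        "$IPFW" -q add set "$STAGE_SET" $body || return 1
    done < "$rules_file"
    "$IPFW" -q set swap 0 "$STAGE_SET" || return 1       # new rules go live at once
    "$IPFW" -q set enable 0                              # harmless if already enabled
    "$IPFW" -q delete set "$STAGE_SET"                   # old ruleset now lives here
}

# Only touch the kernel when invoked as "sh reload.sh apply".
if [ "${1:-}" = apply ]; then
    tmp=$(mktemp) && sample_rules > "$tmp" && load_rules_atomically "$tmp"
    rm -f "$tmp"
fi
```

Run it as root with `IPFW="echo ipfw"` first to see the exact command sequence before letting it touch the live table.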