bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start"

Alexander Verbod UMLLMTHW8EWBC7QMJE.3FZA88RFFWF at gmx.com
Wed Dec 22 15:17:13 UTC 2010


Chris St Denis <chris at smartt.com> wrote:
> If I understand this problem correctly, the lockdown is caused by the
> ssh session getting killed off between the "${fwcmd} -f flush" and the
> subsequent add rules in rc.firewall (or other user-defined custom script).

You're right: "${fwcmd} -f flush" will break the connection to the remote machine and the
startup script stops its execution, so no firewall rules are applied and only the
default 65536 deny rule is in charge.

>
> If this is the case, couldn't the issue be resolved with a simple patch
> along the lines of this?
>
> + /usr/bin/nohup /bin/sh "${firewall_script}"

/usr may not be available at startup time, so IMHO it would be better
to use /bin/sh -T .... as I already showed in the previous post.
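The race this thread describes, reproduced as an added example (this is not code from the thread, from rc.firewall, or from FreeBSD's rc.d/ipfw): a rule loader that receives SIGHUP after the flush leaves no "add" rules behind, while a loader that ignores SIGHUP first (the same signal disposition nohup(1) sets, done here with the trap builtin so nothing under /usr is needed) finishes loading. The rule script, its rule numbers and the log file are constructed stand-ins that append text instead of calling ipfw, so the script runs on any system with a POSIX sh.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD's rc.d/ipfw.
# It reproduces the lockdown race: a rule loader killed by SIGHUP (the ssh
# session dying right after "ipfw -f flush") applies no "add" rules, while
# a loader that ignores SIGHUP finishes the job. Ignoring the signal is
# what nohup(1) does, but trap is a /bin/sh builtin, so it works before
# /usr is mounted. The "ipfw" calls below are a constructed stand-in that
# appends to a log file instead of touching the kernel.

# Write a constructed stand-in for /etc/rc.firewall to file $1. It logs
# the flush, pauses where a remote session would drop, then logs the rules
# that should follow.
write_fake_rule_script() {
    cat > "$1" <<'EOF'
log=$1
echo "ipfw -f flush" >> "$log"
sleep 2
echo "ipfw add 100 allow ip from any to any via lo0" >> "$log"
echo "ipfw add 200 allow tcp from any to me 22 setup" >> "$log"
EOF
}

# Run the rule script in the background, send it SIGHUP while it sits
# between the flush and the first add, wait for it, and print how many
# "ipfw add" lines were still applied.
#   $1 = plain  : run the script as is (lockdown: 0 adds applied)
#   $1 = immune : ignore SIGHUP first, as nohup(1) does (2 adds applied)
adds_applied_after_hangup() {
    mode=$1
    script=$(mktemp)
    log=$(mktemp)
    write_fake_rule_script "$script"

    (
        [ "$mode" = immune ] && trap '' HUP   # SIG_IGN survives the exec
        exec /bin/sh "$script" "$log"
    ) </dev/null >/dev/null 2>&1 &
    pid=$!

    sleep 1                                   # loader is now inside "sleep 2"
    kill -HUP "$pid" 2>/dev/null || :         # the remote session goes away
    wait "$pid" 2>/dev/null || :
    grep -c '^ipfw add' "$log" || :           # grep exits 1 when the count is 0
    rm -f "$script" "$log"
}

# Stand-alone run: prints "plain: 0 adds applied" and "immune: 2 adds applied".
for mode in plain immune; do
    echo "$mode: $(adds_applied_after_hangup "$mode") adds applied"
done
```

Whichever fix is chosen for the real startup script, the property worth checking after any change is the one this script measures: kill the session in the middle of the load and confirm that the rules after the flush were still installed.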


