bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start"
Alexander Verbod
UMLLMTHW8EWBC7QMJE.3FZA88RFFWF at gmx.com
Wed Dec 22 15:20:08 UTC 2010
The following reply was made to PR bin/153252; it has been noted by GNATS.
From: "Alexander Verbod" <UMLLMTHW8EWBC7QMJE.3FZA88RFFWF at gmx.com>
To: bug-followup at FreeBSD.org
Cc: freebsd-ipfw at freebsd.org,"Chris St Denis" <chris at smartt.com>
Subject: Re: bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start"
Date: Wed, 22 Dec 2010 10:08:01 -0500
Chris St Denis <chris at smartt.com> wrote:
> If I understand this problem correctly, the lockdown is caused by the
> ssh session getting killed off between the "${fwcmd} -f flush" and the
> subsequent add rules in rc.firewall (or other user-defined custom script).
You're right: "${fwcmd} -f flush" breaks the connection to the remote machine and the startup
script stops executing, so no firewall rules are applied and only the
default 65536 deny rule is in charge.
>
> If this is the case, couldn't the issue be resolved with a simple patch
> along the lines of this?
>
> + /usr/bin/nohup /bin/sh "${firewall_script}"
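Review bot: the hunk shows only the added line, with no `-` line and no surrounding context, so it is not visible which existing invocation of "${firewall_script}" in /etc/rc.d/ipfw it replaces; please post the full hunk. Also, nohup(1) only makes the child ignore SIGHUP; when stdout is still the terminal it redirects output to nohup.out in the current directory, so add an explicit redirect (e.g. `>/dev/null 2>&1`) so that a write to the vanished tty cannot kill the script, and since the patch depends on /usr/bin/nohup being reachable at that point of boot, a /bin-only equivalent such as `trap '' HUP` in the invoking shell avoids that dependency.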
/usr may not be available at startup time, so IMHO it would be better
to use /bin/sh -T .... as I already showed in the previous post.