Update Firewall Rules

Philip Payne philip.payne at uk.mci.com
Thu May 22 08:10:40 PDT 2003


> Thanks to all who replied, lots of food for thought!
> Maybe my setup is a little different than what people use because I have
> different rule sets in /etc/rc.firewall (which is the default with OPEN,
> SIMPLE and CLIENT) and one of them is configured in /etc/rc.conf.
> So my question is how I change from one rule set to another that is defined
> in rc.firewall. The problem should simply be how to pass the parameter (and
> to what) because
> sh /etc/rc.firewall OPEN
> does not work, this simply reloads the same rule set that's defined in
> /etc/rc.conf.
> Good advice against lock-outs though. Is it generally the preferred approach to
> use different files for different rules, rather than keep sets in
> /etc/rc.firewall? And if so, how do you set this up in /etc/rc.conf, since
> the firewall type by default looks at rc.firewall...

Using the same approach as writing a script to carry out the 
     sh /etc/rc.firewall

You could either have different scripts to pass the firewall_type variable
and then do the firewall rules e.g.:

sh /etc/rc.firewall

sh /etc/rc.firewall

I'm really not a shell scripting person (networking is my area), so I can't
say this will definitely work but... kind of sounds right. Perhaps someone
with more shell scripting expertise can comment.

Alternatively, couldn't you just specify the variable on the command line
before running the implementation script? e.g. in bash:

# install-fwrules.sh

Again, never tried it myself... 

Let me know how you get on. Wouldn't mind knowing for sure what's the
correct approach.
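
The following is an added illustration, not part of the original message and not FreeBSD's own rc.firewall: it shows what happens to a variable set on the command line when the script it is handed to also reads a configuration file that assigns the same name. The two stand-in scripts, the temporary directory and the function names are constructed for the example; only `firewall_type` and the rule set names OPEN, SIMPLE and CLIENT come from the thread.

```shell
#!/bin/sh
# Constructed demonstration: stand-in files only, no firewall rules are loaded.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Stand-in for /etc/rc.conf, pinning one rule set as in the quoted setup.
echo 'firewall_type="CLIENT"' > "$demo_dir/rc.conf"

# Stand-in A: reads the config after start-up, so the config value wins.
cat > "$demo_dir/fw_config_wins.sh" <<'EOF'
. "$(dirname "$0")/rc.conf"
echo "$firewall_type"
EOF

# Stand-in B: saves the caller's request (argument first, then environment),
# reads the config, re-applies the request, and rejects unknown names.
cat > "$demo_dir/fw_override.sh" <<'EOF'
requested="${1:-${firewall_type:-}}"
. "$(dirname "$0")/rc.conf"
if [ -n "$requested" ]; then firewall_type="$requested"; fi
case "$firewall_type" in
    OPEN|SIMPLE|CLIENT) echo "$firewall_type" ;;
    *) echo "unknown rule set: $firewall_type" >&2; exit 1 ;;
esac
EOF

env_prefix_config_wins() { firewall_type=OPEN sh "$demo_dir/fw_config_wins.sh"; }
env_prefix_override()    { firewall_type=OPEN sh "$demo_dir/fw_override.sh"; }
arg_override()           { sh "$demo_dir/fw_override.sh" SIMPLE; }
no_override()            { ( unset firewall_type; sh "$demo_dir/fw_override.sh" ); }
bad_name()               { sh "$demo_dir/fw_override.sh" OPNE 2>/dev/null; }

echo "env prefix, config read last:   $(env_prefix_config_wins)"
echo "env prefix, request re-applied: $(env_prefix_override)"
echo "argument, request re-applied:   $(arg_override)"
echo "no request:                     $(no_override)"
bad_name || echo "misspelled name rejected"
```

Rejecting an unrecognised rule set name before anything is loaded matters on a remote machine, where a typo that falls through to an unintended rule set is one way to end up locked out.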

