IPFILTER rules with shell symbolic substitution

fbsd_user fbsd_user at a1poweruser.com
Wed Nov 26 12:18:00 PST 2003

ipf.test rules file
# $nic must be set in the shell before this script runs; the here-document
# is expanded by sh and the result is piped to ipf on stdin
/sbin/ipf -Fa -f - <<EOF
pass in on $nic all
pass out on $nic all
pass in all
pass out all
EOF

After booting the system, this file loads OK by running
sh ipf.test from the command line.

Or I can run ipf.loadrules from command line and rules load ok.

ipf.loadrules file
#! /bin/sh
sh /etc/ipf.test

But in rc.conf, loading the rules with
#ipfilter_rules="sh /root/bin/ipf.loadrules"
does not work; I get a "no rules loaded" message after the "IPFILTER
started" message in the boot log.

This works

ipf.rules files
pass in all
pass out all

Looks to me like an internal problem with the rc.conf
ipfilter_rules= statement and the way it reads what it points at.

Any ideas about what is wrong with my ipfilter_rules="/etc/ipf.test"

-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Mike
Sent: Wednesday, November 26, 2003 1:41 PM
To: freebsd-questions at FreeBSD.ORG
Cc: Dan Nelson
Subject: Re: IPFILTER rules with shell symbolic substitution

> /etc/rc.firewall has lots of examples using ipfw; the concepts
> work just as well with ipf.

I'm not sure that's true. /etc/rc.firewall is a shell script, an IP
ruleset isn't. From the documentation and my own use of it, IP
doesn't support variable substitution. If you're running 5.x, you
can run the pf port, which does support variables and some other neat
capabilities that can really condense and simplify your ruleset.
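The heredoc script above works when it is executed, because sh expands $nic before ipf ever sees the text; rc.conf's ipfilter_rules= setting, on the other hand, names a rules file that /etc/rc.d/ipfilter passes straight to ipf -Fa -f, so the script text is parsed as rules and nothing loads. The following is an added example, not code from either poster: a script that does the substitution in the shell, writes a fully expanded plain rules file that ipfilter_rules can point at, and refuses to install a file in which a variable was unset or left unexpanded (an empty interface name would silently turn "pass in on $nic all" into a rule matching every interface). The interface fxp0, the network 192.168.1.0/24 and the output path are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original thread): do the variable substitution
# in the shell, then hand ipf a plain, fully expanded rules file.
# "fxp0", 192.168.1.0/24 and the output path are constructed sample values.

# gen_rules NIC INNER_NET: print an expanded ipf ruleset on stdout.
# The here-document is expanded by sh, so ipf only ever sees literal names.
gen_rules() {
    nic="$1"
    inner="$2"
    cat <<EOF
# generated ruleset: no shell variables remain after expansion
block in log quick on $nic all with short
block in log quick on $nic from $inner to any
pass out quick on $nic proto tcp from any to any flags S keep state
pass out quick on $nic proto udp from any to any keep state
pass out quick on $nic proto icmp from any to any keep state
block in log on $nic all
EOF
}

# check_rules FILE NIC: succeed only if no '$' survived (nothing left for ipf
# to misparse) and every rule line names the interface (no variable expanded
# to an empty string and widened a rule).
check_rules() {
    if grep -q '\$' "$1"; then return 1; fi
    grep -v '^#' "$1" | grep -v '^$' | grep -qv "on $2 " && return 1
    return 0
}

# install_rules NIC INNER_NET DEST: write the expanded rules to DEST, the path
# that ipfilter_rules="DEST" in rc.conf should name, and verify the result.
install_rules() {
    [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] || return 1
    gen_rules "$1" "$2" > "$3" || return 1
    check_rules "$3" "$1"
}

# Stand-alone use: sh genrules.sh fxp0 192.168.1.0/24 /etc/ipf.rules
if [ $# -eq 3 ]; then
    install_rules "$1" "$2" "$3" && echo "rules written to $3"
fi
```

Run the script once (or from a local rc script that runs before ipfilter starts) and set ipfilter_rules="/etc/ipf.rules" to the generated file; alternatively keep the original heredoc piping into ipf -Fa -f - and invoke that script from a startup script of your own rather than from ipfilter_rules=, which is never executed.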
