Strange Failure Mode in FreeBSD 4.11

Martin McCormick martin at
Thu Jan 12 11:58:10 PST 2006

	I now realize that what actually happened here is an incorrect
setup on my part of ipfw.  I actually had a similar problem on another
system last summer, thought I had figured it all out, and have a time
bomb waiting if that system happens to reboot since it is set up the
same way. :-)

	In the rc.conf.local, I have:

firewall_enable="YES"		# Set to YES to enable firewall functionality
firewall_type="OPEN"		# Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"		# Set to YES to suppress rule display
firewall_logging="YES"           # Set to YES to enable events logging
firewall_flags=""		# Flags passed to ipfw when type is a file

	That makes ipfw load the rules in rc.firewall just fine.  In
rc.firewall, there is a place where one can include a table of local
rules and that's where I am doing something wrong.  The place in
rc.firewall reads:

#   filename - will load the rules in the given filename (full path required)

	So, I have tried various forms of

filename /etc/firewall_rules.ns

and even 

filename - /etc/firewall_rules.ns

	ipfw nicely loads the rules in rc.firewall and then complains
about filename not found.

	I even just stuck the path and file name in a line under
#   filename - will load the rules in the given filename (full path required)

	I wasn't surprised when it didn't like that either.

	If I replace rc.firewall with firewall_rules.ns, then only
those rules get added which is why the tcp/ip stack appeared dead.

	What do I need to put in /etc/rc.firewall so it just includes
/etc/firewall_rules.ns like the #include directive usually does?

	Many thanks.

Martin McCormick WB5AGZ  Stillwater, OK 
OSU Information Technology Department Network Operations Group
.-- -... ..... .- --. --..
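
An added example, not part of the original post and not the FreeBSD script itself: a simplified shell model, assuming the stock rc.firewall treats `filename` in the quoted comment as one possible value of `firewall_type` from rc.conf rather than as a directive. The function name `select_ruleset` and the temporary rules file are hypothetical; the model only reports which rule source would be chosen and never calls ipfw.

```shell
#!/bin/sh
# Simplified model (assumption) of rule selection driven by firewall_type.
# It echoes the chosen source instead of running ipfw.

select_ruleset() {
    firewall_type=$1
    case ${firewall_type} in
    [Oo][Pp][Ee][Nn])
        echo "builtin:open"
        ;;
    [Cc][Ll][Ii][Ee][Nn][Tt]|[Ss][Ii][Mm][Pp][Ll][Ee]|[Cc][Ll][Oo][Ss][Ee][Dd])
        echo "builtin:$(echo "${firewall_type}" | tr 'A-Z' 'a-z')"
        ;;
    [Uu][Nn][Kk][Nn][Oo][Ww][Nn])
        echo "none"
        ;;
    *)
        # Any other value is taken as the full path of a rules file.
        # An unreadable path loads nothing, which leaves only the
        # kernel's default rule in place.
        if [ -r "${firewall_type}" ]; then
            echo "file:${firewall_type}"
        else
            echo "none"
        fi
        ;;
    esac
}

# Constructed sample rules file standing in for /etc/firewall_rules.ns.
demo_rules=$(mktemp)
printf 'add 100 allow ip from any to any via lo0\n' > "${demo_rules}"

select_ruleset "OPEN"                          # built-in open rule set
select_ruleset "${demo_rules}"                 # rules come from the file only
select_ruleset "/nonexistent/firewall_rules"   # nothing is loaded
```

In this model a file-valued `firewall_type` replaces the built-in rule sets rather than adding to them, so the rules file has to be complete on its own.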
