IP Firewall disconnecting me after firewall changes

Norberto Meijome freebsd at meijome.net
Fri May 18 07:21:25 UTC 2007


On Wed, 16 May 2007 16:58:39 +1200
"Brett Davidson" <brett at net24.co.nz> wrote:

> I keep firewall rules in a file that I then run via a "sh" command. You
> know, like /etc/rc.firewall. :-)
>  
> Essentially the file does
> ipfw -q -f flush
> $cmd 0015 check-state
> $cmd <rule#> set 31 allow tcp from <address/subnet> to me 22 in via $pif setup keep-state
>
> where $cmd = "ipfw -q add" and $pif = "em0".
>  
> I understand that this set 31 rule should remain even after the flush
> action on the first line.
>  
> This does not appear to be the case. If I run this script from an ssh
> session I get disconnected which is not what I expected. 
>  
> What am I doing wrong?

Nothing wrong really, I've always found it worked like this (it's actually
mentioned in man ipfw, at the end, in the section about using ipfw as a kld).

If you don't want to lose your session, use a tool like screen to keep your
terminal alive even when getting booted.

To avoid bad rules that lock you out altogether, implement a crontab that will
reset the rules to a known good configuration after a short period of time
(say, if you can't get in for 10 minutes, reset the rules. If you can get in,
update the crontab so it doesn't get run).

Beto

_________________________
{Beto|Norberto|Numard} Meijome

"They redundantly repeated themselves over and over again incessantly without
end ad infinitum" ibid.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
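A concrete form of the crontab safety net described in the reply above, as an added example that is not part of the original thread: a small sh wrapper that installs a one-shot cron entry restoring a known-good ruleset, then applies the new rules, and lets you cancel the reset once you have confirmed you can still log in. The paths /etc/ipfw.rules and /etc/ipfw.known-good, the 10-minute grace period, the "# ipfw-deadman" marker and the arm/confirm subcommand names are all assumptions; the known-good file is assumed to be a complete rule script (flush plus rules) of the kind quoted above, and the wrapper is assumed to run as root, since ipfw needs root and the entry goes into the invoking user's crontab.

```shell
#!/bin/sh
# Added example (not from the thread): a cron "dead man's switch" around an
# ipfw rule reload. All paths and names below are assumptions.
NEW_RULES=${NEW_RULES:-/etc/ipfw.rules}        # script that flushes and loads the new rules
GOOD_RULES=${GOOD_RULES:-/etc/ipfw.known-good} # ruleset you can always reach the box through
GRACE_MIN=${GRACE_MIN:-10}                     # minutes until cron reverts to GOOD_RULES
MARK='# ipfw-deadman'                          # tag so we can find and remove our own entry

# cron_spec_after <minutes> <hour> <min>: the "M H * * *" fields for a time
# <minutes> after the given clock time, wrapping past midnight. Leading zeros
# (date prints "08") are stripped so $(( )) does not read them as octal.
cron_spec_after() {
    h=${2#0}; h=${h:-0}
    m=${3#0}; m=${m:-0}
    total=$(( (h * 60 + m + $1) % 1440 ))
    printf '%d %d * * *\n' $(( total % 60 )) $(( total / 60 ))
}

# strip_deadman: crontab listing on stdin -> same listing without our entry.
strip_deadman() { grep -v -F "$MARK" || true; }

# deadman_entry <spec>: the one-shot crontab line. It restores the known-good
# rules and then deletes itself, so it does not fire again the next day.
deadman_entry() {
    printf '%s sh %s && (crontab -l | grep -v -F "%s" | crontab -) %s\n' \
        "$1" "$GOOD_RULES" "$MARK" "$MARK"
}

# arm: install the reset entry first, then load the new rules. Loading is the
# step that may drop your ssh session, so run "arm" inside screen/tmux: a HUP
# from the dying session would otherwise kill the rule script halfway through.
arm() {
    spec=$(cron_spec_after "$GRACE_MIN" "$(date +%H)" "$(date +%M)")
    { crontab -l 2>/dev/null | strip_deadman; deadman_entry "$spec"; } | crontab -
    echo "cron restores $GOOD_RULES at '$spec' unless you run: $0 confirm"
    sh "$NEW_RULES"
}

# confirm: you got back in, so the new rules are good; drop the reset entry.
confirm() {
    crontab -l 2>/dev/null | strip_deadman | crontab -
    echo "deadman disarmed; keeping the rules currently loaded"
}

case "${1-}" in
    arm)     arm ;;
    confirm) confirm ;;
    *)       echo "usage: $0 arm|confirm" ;;
esac
```

Copy the currently working rule file to the known-good path before editing, run `arm` from inside screen, reconnect, and run `confirm` within the grace period; if the new rules locked you out, cron reloads the known-good file at the computed minute and removes the entry. Cron only has minute resolution and a user crontab has no user field, which is why the entry is built for `crontab -` rather than /etc/crontab; keep the grace period well under 1440 minutes so the wrap-around arithmetic still means "later today or early tomorrow".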

