FreeBSD8.0 Firewall Script behaves much differently than 6.x

Daniel Bye freebsd-questions at slightlystrange.org
Wed Mar 31 16:55:32 UTC 2010


On Wed, Mar 31, 2010 at 09:43:53AM -0500, Martin McCormick wrote:
> 	I have just answered part of my own question. If you
> background the process as in
> 
> sh /etc/rules.fw &
> 
> it works. You still get knocked off the remote connection but
> the backgrounded process continues to run without a controlling
> terminal and completes.
> 
> 	The only remaining part of the question is:
> 
> If one modifies the firewall rules and wants to make sure they
> are good, is there a more correct way to safely reload them from
> the script?

One possible approach might be to make a copy of your rules, edit that
and then do something like this in one session:

 # sleep 300 && sh /etc/rules.fw &

And load the new rules from the new file in another:

 # sh /etc/rules.fw.new &

Now, if you lock yourself out, you wait 5 minutes before the last,
presumably good, ruleset gets reloaded and normality is restored. If
you don't get locked out, simply kill the sleep process (which is why
it's important to use && instead of ; between your commands), and move
the new ruleset to the original file name.

Dan

-- 
Daniel Bye
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
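
The timed-rollback procedure described in the message above, wrapped into one script as an added example (not part of the original post or of FreeBSD). The function names, the yes/no prompt and the SIGHUP handling are assumptions of this sketch; the file names follow the message.

```shell
#!/bin/sh
# Added example: timed-rollback reload of a firewall rules script.
# Function names and the yes/no prompt are assumptions of this sketch.

# Arm a delayed reload of the known-good rules in the background.
# $1 = known-good rules script, $2 = delay in seconds.
arm_rollback() {
    # Ignore SIGHUP so a dropped remote session cannot cancel the rollback.
    # "&&" matters: if the timer is killed, the reload must NOT run.
    ( trap '' HUP; sleep "$2" && sh "$1" ) &
    ROLLBACK_PID=$!
}

# Cancel the pending rollback; fails if the timer has already finished.
disarm_rollback() {
    kill "$ROLLBACK_PID" 2>/dev/null
}

# $1 = known-good rules, $2 = candidate rules, $3 = rollback delay (s).
# Reads one line from stdin; only a literal "yes" keeps the new rules.
safe_reload() {
    good=$1 new=$2 delay=$3
    [ -r "$good" ] && [ -r "$new" ] || { echo "missing rules file" >&2; return 2; }

    arm_rollback "$good" "$delay"   # safety net first
    sh "$new"                       # then load the candidate rules

    printf 'New rules loaded. Still connected? Type "yes" within %ss: ' "$delay"
    read -r answer || answer=""     # EOF (lost session) counts as "no"

    # Promote the candidate only if the rollback could still be cancelled.
    if [ "$answer" = "yes" ] && disarm_rollback; then
        mv "$new" "$good"           # candidate becomes the real rules file
        return 0
    fi
    echo "Not confirmed in time; $good is (re)loaded by the timer." >&2
    return 1
}

# Run as: sh safe_reload.sh /etc/rules.fw /etc/rules.fw.new 300
if [ "$#" -eq 3 ]; then
    safe_reload "$@"
fi
```

Answer the prompt from the session you expect to keep working; if that session is gone, the read never sees "yes" and the old rules come back when the timer expires.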

