Cron config for ipfw table

Michael Sierchio kudzu at tenebras.com
Fri Apr 10 20:36:08 UTC 2020


On Fri, Apr 10, 2020 at 12:26 PM Lowell Gilbert <
freebsd-questions-local at be-well.ilk.org> wrote:

> Jos Chrispijn <bsduser at cloudzeeland.nl> writes:
>
> > I have added a line to my crontab that defines running a script on
> > reboot:
> >
> > @reboot bash /root/cronjobs/reboot.sh &
> >
> > This (bash) .sh script should add an updated ipfw table (so that I
> > don't have to run this action manually), but unfortunately no script is
> > executed on reboot.
> >
> > - script is executable
> > - no action is mentioned in /var/log/cron
> >
> > Can you tell me what I do wrong here? Perhaps scheduling this action
> > _after_ reboot would be the solution?
>
> Is there any reason that you can't use the system's standard ipfw script
> for that?
>
>
I would suggest just putting the reference to loading tables in your ipfw
script. I never use the default.

in /etc/rc.conf:

firewall_enable="YES"
firewall_script="/etc/ipfw/rc.ipfw"

in /etc/ipfw/rc.ipfw:

################################################################################
# load tables in background
lockf -kst 30 /tmp/fw-wl.lck ipfw-table-update whitelist &
lockf -kst 30 /tmp/fw-bl.lck ipfw-table-update blacklist &
lockf -kst 30 /tmp/cp-bl.lck ipfw-table-update cloudips &

ipfw-table-update <table> looks for .txt files in /etc/ipfw/<table> and
creates and loads the table (it's a little more than that, since each table
has an alternate to permit atomic table updates).

Components of the blacklist are updated several times an hour or several
times a day.

The script may be run manually, of course.

-- 

"Well," Brahmā said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."

- The Mahābhārata
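The ipfw-table-update script itself is not shown in the thread. The following is an added example, written for this page and not Michael Sierchio's script, of one way to get the behaviour he describes: read /etc/ipfw/<table>/*.txt, load the entries into an alternate table, and swap it live in one operation so the rules never see a half-built table. Everything beyond what the post states is an assumption: the tables hold address prefixes (ipfw "addr" tables), the alternate is named <table>_alt, and the function names collect_entries, render_commands, ensure_table and apply_table are mine.

```shell
#!/bin/sh
# ipfw-table-update <table>
# Rebuild ipfw table <table> from /etc/ipfw/<table>/*.txt and swap the new
# contents into place atomically.  Added example for this thread; it is not
# Michael Sierchio's script, whose internals the post does not show.
# Assumptions not stated in the post: tables hold IPv4/IPv6 prefixes (ipfw
# "addr" tables), one per line with optional '#' comments, and the
# alternate table is called <table>_alt.
set -eu

CONFDIR="${IPFW_CONFDIR:-/etc/ipfw}"
IPFW="${IPFW:-/sbin/ipfw}"

# collect_entries DIR: print the unique prefixes found in DIR/*.txt, one per
# line, comments and blank lines removed.  Anything not made of address
# characters is dropped with a warning, so a stray line cannot smuggle extra
# tokens into the command batch (ipfw still validates the real syntax).
collect_entries() {
    [ -d "$1" ] || { echo "no such table directory: $1" >&2; return 1; }
    cat "$1"/*.txt 2>/dev/null |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -v '^$' |
        awk '/^[0-9A-Fa-f.:]+(\/[0-9]+)?$/ { print; next }
             { printf "skipping malformed entry: %s\n", $0 > "/dev/stderr" }' |
        LC_ALL=C sort -u
}

# render_commands TABLE DIR: emit the ipfw command batch that fills the
# alternate table and swaps it live.  Kept apart from apply_table so the
# batch can be reviewed, or tested, without touching the running firewall.
render_commands() {
    table=$1 dir=$2 alt="${1}_alt"
    entries=$(collect_entries "$dir") || return 1
    if [ -z "$entries" ]; then
        # an empty whitelist would lock everyone out and an empty blacklist
        # would silently unblock everything, so refuse both
        echo "refusing to load empty table $table" >&2
        return 1
    fi
    printf 'table %s flush\n' "$alt"
    printf '%s\n' "$entries" | while IFS= read -r e; do
        printf 'table %s add %s\n' "$alt" "$e"
    done
    # rules keep matching the old contents until this single swap
    printf 'table %s swap %s\n' "$table" "$alt"
    printf 'table %s flush\n' "$alt"
}

# ensure_table TABLE: create TABLE as an addr table unless it already exists
# (swap needs both tables to exist and to be of the same type)
ensure_table() {
    "$IPFW" table "$1" info >/dev/null 2>&1 ||
        "$IPFW" -q table "$1" create type addr
}

# apply_table TABLE: validate the name, prepare both tables and feed the
# whole batch to one ipfw process (one fork instead of one per entry)
apply_table() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) echo "bad table name: $1" >&2; return 1 ;;
    esac
    ensure_table "$1"
    ensure_table "${1}_alt"
    batch=$(mktemp "${TMPDIR:-/tmp}/ipfw-table.XXXXXX") || return 1
    trap 'rm -f "$batch"' EXIT
    render_commands "$1" "$CONFDIR/$1" > "$batch"
    "$IPFW" -q "$batch"
}

# act as a command only when installed under this name (e.g. in
# /usr/local/sbin); otherwise the functions can be sourced and exercised
if [ "${0##*/}" = "ipfw-table-update" ]; then
    [ $# -eq 1 ] || { echo "usage: ${0##*/} <table>" >&2; exit 64; }
    apply_table "$1"
fi
```

Run from rc.ipfw or cron exactly as in the lockf lines above; the -t 30 there means a run that finds the lock still held after 30 seconds gives up (quietly, because of -s), which is what you want when a slow blacklist refresh overlaps the next one. One caveat on those lines: /tmp is world-writable, so any local user can create and hold /tmp/fw-wl.lck first and starve the updates; a lock file under /var/run avoids that.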