/etc/rc.d/ipfw can't deal with firewall_type?
Ian Smith
smithi at nimnet.asn.au
Tue May 3 17:47:05 UTC 2011
On Wed, 4 May 2011, KIRIYAMA Kazuhiko wrote:
> Hi all,
> Recently I upgraded to 8.2-STABLE and reconfigured the natd + jailed box, but
> no packets could get over the nat box. I've researched and found that
> /etc/rc.firewall does not receive the firewall_type argument. So ipfw does
> not divert and natd could not be performed. The reason is that /etc/rc.d/ipfw
> is incorrect. I think the patch below should be applied to /etc/rc.d/ipfw. Is
> there any problem with doing this?
Yes. Assuming you're using the default firewall_script="/etc/rc.firewall",
then, as it says early in /etc/rc.firewall, you just needed to:
# Define the firewall type in /etc/rc.conf. Valid values are:
[..]
Sure, /etc/rc.firewall can set firewall_type to a parameter if you pass
it one, but otherwise uses whatever $firewall_type is set to when you
start ipfw. I guess the code below allows you to use syntax like:
# /etc/rc.d/ipfw start client
to override the $firewall_type set in /etc/rc.conf, but it's not the
common usage, nor is it how ipfw is started normally by rc.
So just set firewall_type in rc.conf and you should be fine .. unless
you meant that you're trying to run ipfw & natd INSIDE a jail?
cheers, Ian
> --- /etc/rc.d/ipfw.org 2011-05-03 18:19:28.000000000 +0900
> +++ /etc/rc.d/ipfw 2011-05-03 22:08:14.000000000 +0900
> @@ -35,15 +35,11 @@
>
> ipfw_start()
> {
> - local _firewall_type
> -
> - _firewall_type=$1
> -
> # set the firewall rules script if none was specified
> [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
>
> if [ -r "${firewall_script}" ]; then
> - /bin/sh "${firewall_script}" "${_firewall_type}"
> + /bin/sh "${firewall_script}" "${firewall_type}"
> echo 'Firewall rules loaded.'
> elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then
> echo 'Warning: kernel has firewall functionality, but' \
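Review bot: dropping `_firewall_type=$1` in ipfw_start() removes the only way `/etc/rc.d/ipfw start <type>` can pass a type through to `${firewall_script}`, while the replacement line `/bin/sh "${firewall_script}" "${firewall_type}"` does not change the case the patch is meant to fix: when ipfw is started by rc with no argument, the old code passed an empty `$1` and the new code passes `firewall_type` from rc.conf, which /etc/rc.firewall already falls back to on its own when its argument is empty, so the divert rules not being loaded points at `firewall_type` being unset in rc.conf rather than at this script. If the intent is for rc.conf's value to apply while still allowing a command-line override, the smaller change is `_firewall_type=${1:-${firewall_type}}`, and the patch should state why the fallback inside /etc/rc.firewall is not sufficient.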
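The precedence Ian describes, a type given on the command line winning over the firewall_type set in rc.conf and an empty argument (what rc starts ipfw with) falling back to rc.conf, as an added example in plain sh. This is not code from the thread or from FreeBSD's /etc/rc.d/ipfw or /etc/rc.firewall; the rc.conf fragment is constructed, and the function name resolve_firewall_type is made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread or from the FreeBSD rc scripts.

# Constructed stand-in for the relevant lines of /etc/rc.conf.
RC_CONF_FRAGMENT='firewall_enable="YES"
firewall_type="client"'

# resolve_firewall_type RC_CONF_TEXT [TYPE]
# Mimics the precedence discussed in the thread: a non-empty TYPE argument
# (as in "/etc/rc.d/ipfw start client") wins; otherwise the firewall_type
# that rc.conf sets is used; an empty "" argument, which is what a start
# with no type passes along, counts as "no argument".  Prints the resolved
# type, or UNSET when neither source supplies one.
resolve_firewall_type() {
    firewall_type=""
    # Load the rc.conf text.  Assumption for this example: the text is
    # trusted, exactly as the real rc.conf is when rc sources it.
    eval "$1"
    _arg="${2:-}"
    if [ -n "$_arg" ]; then
        firewall_type="$_arg"
    fi
    printf '%s\n' "${firewall_type:-UNSET}"
}

# Usage: started by rc (no argument) -> rc.conf value; explicit override wins;
# an rc.conf without firewall_type leaves the type UNSET, which is the
# symptom to check for before patching /etc/rc.d/ipfw.
resolve_firewall_type "$RC_CONF_FRAGMENT"
resolve_firewall_type "$RC_CONF_FRAGMENT" ""
resolve_firewall_type "$RC_CONF_FRAGMENT" simple
resolve_firewall_type 'firewall_enable="YES"'
```

The last call is the case worth checking on a box where the divert rules never appear: if rc.conf sets firewall_enable but no firewall_type, nothing on the default path supplies one, regardless of how /etc/rc.d/ipfw passes its argument.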