Discussion:
IPFW: rc.firewall script doesn't load when loading rules from a file
Jason Williams
2003-02-18 23:49:40 UTC
I'm using FBSD 4.7 and have compiled ipfw into the kernel. My rc.conf
file has the following:

firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.rules"
firewall_quiet="NO"
firewall_logging_enable="YES"
log_in_vain="YES"
icmp_drop_redirect="YES"

On reboot, ipfw is not reading rc.firewall before loading my rules -
/etc/ipfw.rules - as I've assumed it would. I thought I could let
rc.firewall take care of housekeeping ( flush and loopback rules )
before moving on to the custom rules in ipfw.rules. Am I missing
something here or is it normal to bypass rc.firewall altogether and set
up a rules file with everything needed in there? All the tutorials seem
to suggest that ipfw reads rc.firewall first before moving onto custom
rules files, but that has not been my experience here. Thanks for your
help

Jason Williams
***@seanet.com


To Unsubscribe: send mail to ***@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Giorgos Keramidas
2003-02-19 00:41:16 UTC
Post by Jason Williams
I'm using FBSD 4.7 and have compiled ipfw into the kernel. My
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.rules"
firewall_quiet="NO"
firewall_logging_enable="YES"
log_in_vain="YES"
icmp_drop_redirect="YES"
On reboot, ipfw is not reading rc.firewall before loading my rules -
/etc/ipfw.rules - as I've assumed it would. I thought I could let
rc.firewall take care of housekeeping ( flush and loopback rules )
before moving on to the custom rules in ipfw.rules. Am I missing
something here or is it normal to bypass rc.firewall altogether and
set up a rules file with everything needed in there?
When you set firewall_type="/etc/ipfw.rules" in your rc.conf, only the
following commands are run by rc.firewall:

ipfw -f flush
ipfw /etc/ipfw.rules

That's all. If you want the rules to have similar behavior to some of
the rules listed for open/closed/client/simple, you'll have to copy
the appropriate rules from rc.firewall into your /etc/ipfw.rules file.

Giorgos
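
An added example, not part of any message in this thread: a small /bin/sh check that a rules file named by firewall_type carries its own loopback housekeeping, since in that mode rc.firewall only flushes and loads the file. The function name, rule labels and sample files are constructed here, and the three loopback rules it looks for are assumed to match the ones the stock rc.firewall installs for its built-in types.

```sh
#!/bin/sh
# Added example (not from the thread): lint an ipfw rules file for the
# loopback rules that rc.firewall does not add when firewall_type is a file.

# Print one label per missing loopback rule; print nothing if all are present.
missing_loopback_rules() {
    # Drop comments and blank lines, collapse runs of whitespace.
    rules=$(sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' \
                -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1")
    num='([0-9]+ )?'                      # the rule number is optional
    allow='(allow|accept|pass|permit)'    # ipfw synonyms for "allow"
    proto='(all|ip)'
    check() {                             # usage: check LABEL REGEX
        printf '%s\n' "$rules" | grep -Eq "$2" || echo "$1"
    }
    check "pass-via-lo0"  "^add ${num}${allow} ${proto} from any to any via lo0\$"
    check "deny-to-127"   "^add ${num}deny ${proto} from any to 127\.0\.0\.0/8\$"
    check "deny-from-127" "^add ${num}deny ${proto} from 127\.0\.0\.0/8 to any\$"
}

# Constructed sample inputs: one file with custom rules only, one that
# also carries the loopback rules (assumed equal to rc.firewall's own).
demo_dir=$(mktemp -d)
cat > "$demo_dir/bare.rules" <<'EOF'
# custom rules only (constructed sample)
add 1000 allow tcp from any to any 22 setup
add 65000 deny log ip from any to any
EOF
cat > "$demo_dir/full.rules" <<'EOF'
# loopback housekeeping copied in by hand (constructed sample)
add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 1000 allow tcp from any to any 22 setup
EOF

for f in bare full; do
    echo "$f.rules missing: $(missing_loopback_rules "$demo_dir/$f.rules" | tr '\n' ' ')"
done
```
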


P. U. Kruppa
2003-02-19 04:20:13 UTC
Post by Jason Williams
I'm using FBSD 4.7 and have compiled ipfw into the kernel. My rc.conf
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.rules"
firewall_quiet="NO"
firewall_logging_enable="YES"
log_in_vain="YES"
icmp_drop_redirect="YES"
All you need to do is to put your list of
ipfw ...
statements into your /etc/ipfw.rules and make it executable by
# chmod 750 /etc/ipfw.rules
and they will be executed on bootup.

The line
firewall_type="/etc/ipfw.rules"
in your rc.conf is not necessary.

Uli.
Post by Jason Williams
On reboot, ipfw is not reading rc.firewall before loading my rules -
/etc/ipfw.rules - as I've assumed it would. I thought I could let
rc.firewall take care of housekeeping ( flush and loopback rules )
before moving on to the custom rules in ipfw.rules. Am I missing
something here or is it normal to bypass rc.firewall altogether and set
up a rules file with everything needed in there? All the tutorials seem
to suggest that ipfw reads rc.firewall first before moving onto custom
rules files, but that has not been my experience here. Thanks for your
help
Jason Williams
+-----------------------------------+
| Peter Ulrich Kruppa |
| - Wuppertal - |
| Germany |
+-----------------------------------+

Aaron Burke
2003-02-19 05:12:03 UTC
-----Original Message-----
Sent: Tuesday, February 18, 2003 3:50 PM
Subject: IPFW: rc.firewall script doesn't load when loading rules from a
file
I'm using FBSD 4.7 and have compiled ipfw into the kernel. My rc.conf
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.rules"
I am not sure how your situation is different than most, but I use
firewall_type="OPEN" instead of "/etc/ipfw.rules". The other
options will be listed in the file /etc/rc.firewall .

You may want to look at the following in the freebsd handbook.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
firewall_quiet="NO"
firewall_logging_enable="YES"
log_in_vain="YES"
icmp_drop_redirect="YES"
On reboot, ipfw is not reading rc.firewall before loading my rules -
/etc/ipfw.rules - as I've assumed it would. I thought I could let
rc.firewall take care of housekeeping ( flush and loopback rules )
before moving on to the custom rules in ipfw.rules. Am I missing
something here or is it normal to bypass rc.firewall altogether and set
up a rules file with everything needed in there? All the tutorials seem
to suggest that ipfw reads rc.firewall first before moving onto custom
rules files, but that has not been my experience here. Thanks for your
help
Jason Williams
