firewall & restart of /etc/rc.conf
m.seaman at infracaninophile.co.uk
Fri Mar 7 13:43:54 GMT 2003
On Fri, Mar 07, 2003 at 02:25:39PM +0100, Frans Diergaarde wrote:
> Hi all,
> I've got this firewall script from a friend of mine and have modified it
> for my needs.
> I have renamed it to myhost.firewall.
> Is it enough to just place in /etc/rc.conf
> or must I do more than that?
> Can I restart /etc/rc.conf without rebooting the whole machine?
rc.conf is just a list of variable definitions -- very roughly an
equivalent to the Windows registry stuff. In order to start up your
firewall, what you do depends on exactly what your 'myhost.firewall'
contains. You've referred to it in rc.conf as 'firewall_script' which
implies that it's a completely stand-alone script to start up your
firewall program. In which case, just run the script. Preferably
while logged into the console so you can cope with having to debug a
ruleset that denies all network traffic.

However, if you're using ipfw(8), it's common to use the standard
rc.firewall script (i.e. delete the 'firewall_script' line in
/etc/rc.conf), and instead set the 'firewall_type' variable to the
name of a file containing just a list of firewall rules. In this case
you can just run the /etc/rc.firewall script to start up the firewall.

If ipfw(8) is already running, you need to flush out all the existing
rules first, by running:
and then run your firewall startup script.

Be aware that this will result in all network traffic being
blocked on your system unless you've specially recompiled the kernel
with specific options to prevent that.

Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
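
The choice the reply describes between a stand-alone 'firewall_script' and the standard rc.firewall driven by 'firewall_type', as an added example that is not part of the original message: a small sh function that reads an rc.conf-style file and reports which startup path applies. The default values, the list of built-in type keywords and the sample paths are assumptions, labelled in the comments.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reports how the firewall would be started from an rc.conf-style file.

firewall_plan() {
    conf=$1
    (
        # Assumed defaults, mirroring /etc/defaults/rc.conf.
        firewall_enable=NO
        firewall_script=/etc/rc.firewall
        firewall_type=UNKNOWN

        # rc.conf is only a list of sh variable assignments, so it is read
        # by sourcing it. Only do this with a root-owned file you trust.
        . "$conf" || exit 2

        case $firewall_enable in
            [Yy][Ee][Ss]) ;;
            *) echo "disabled"; exit 0 ;;
        esac

        if [ "$firewall_script" != /etc/rc.firewall ]; then
            # Stand-alone script: it is run directly and firewall_type
            # only matters if that script chooses to read it.
            echo "standalone:$firewall_script"
        else
            case $firewall_type in
                # Assumed keyword list handled inside rc.firewall itself.
                open|client|simple|closed|UNKNOWN)
                    echo "builtin:$firewall_type" ;;
                # Anything else is treated as a file of bare ipfw rules.
                *)
                    echo "rulefile:$firewall_type" ;;
            esac
        fi
    )
}

# Stand-alone use: sh firewall_plan.sh /etc/rc.conf
if [ $# -gt 0 ]; then
    firewall_plan "$1"
fi
```

Run it against a copy of rc.conf before re-running the firewall startup, so you know which script will actually be executed.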