IPFW: combining "divert natd" with "keep-state"

Matthew George mdg at secureworks.net
Mon Jun 23 15:47:06 PDT 2003


On Fri, 20 Jun 2003, Michael Collette wrote:

> BTW, is there a way to give certain IPs permission to reload IPFW's
> rules? There's some stuff I'd like to be able to admin remotely. Darn box
> won't let me reload rules, but it will let me reboot. I've done this quite
> a bit in the past to force new rules to load. I was rather hoping there
> was a more elegant solution to this.
>
> Later on,
>

If you have 'flush' at the top of your ruleset, you can (sometimes) get
away with an `ipfw -q`.  I find screen windows (ports/misc/screen) to be
most effective, though: even if the connection dies, the screen will
detach and continue processing the rules file.

-- 
Matthew George
SecureWorks Technical Operations
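The two pieces of the reply above (a ruleset that starts with `flush`, fed to `ipfw -q` so the flush never stops to ask for confirmation, and a reload that keeps running after the ssh session it was started from dies) as a POSIX sh script. This is an added example, not code from the thread or from the FreeBSD ipfw sources. It assumes illustrative values: the administrator's address 192.0.2.10, the paths in the variables below, and `nohup` in place of screen so the script is self-contained; the `IPFW` variable exists only so the script can be exercised without root on a test box.

```sh
#!/bin/sh
# Added example: reload an ipfw ruleset over ssh without locking yourself out.
#
#  1. The rules file begins with "flush".  Run through "ipfw -q", the flush is
#     quiet and does not wait for an "Are you sure?" answer on a terminal that
#     may already be gone.
#  2. The reload is launched detached (nohup, background, stdin from /dev/null)
#     so the shell keeps feeding the rest of the file to ipfw after the flush
#     drops the session that started it.  screen(1) gives the same guarantee
#     interactively; nohup is used here only to keep the example stand-alone.
#
# Assumed, not from the original post: 192.0.2.10 as the admin host, the paths
# below, and the IPFW override used for testing.

IPFW="${IPFW:-/sbin/ipfw}"                  # overridable for a dry run
LOG="${LOG:-/var/log/ipfw-reload.log}"

# Write a constructed sample ruleset to $1.  "flush" is the first line; the
# rule that re-admits the administrator's ssh session comes right after it so
# the lockout window between flush and re-allow is as short as possible.
write_rules() {
    cat >"$1" <<'EOF'
flush
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from 192.0.2.10 to me 22 setup keep-state
add 400 allow tcp from me to any setup keep-state
add 65000 deny log ip from any to any
EOF
}

# Return 0 if $1 is safe to hand to "ipfw -q": readable, and its first line is
# "flush" (without it the old rules would stay underneath the new ones).
rules_ok() {
    [ -r "$1" ] && [ "$(sed -n '1p' "$1")" = "flush" ]
}

# Start the reload detached from the controlling terminal.  Sets RELOAD_PID so
# a caller can "wait" on it; returns 1 without touching the firewall when the
# file fails rules_ok.
reload_rules() {
    rules_ok "$1" || return 1
    nohup "$IPFW" -q "$1" >"$LOG" 2>&1 </dev/null &
    RELOAD_PID=$!
    return 0
}

# Typical use on the firewall host (as root):
#   write_rules /etc/ipfw.rules   # or edit the file by hand
#   reload_rules /etc/ipfw.rules && wait "$RELOAD_PID"; cat "$LOG"
```

If the ssh session does die mid-reload, the detached ipfw finishes the file and the `keep-state` rule at 300 lets the administrator reconnect; the log file holds whatever ipfw printed, which is where a syntax error in a later rule would otherwise have been lost with the terminal.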


