IPFW compiled in kernel: Where is it reading the config?
W. D.
WD at US-Webmasters.com
Thu Dec 13 10:39:58 PST 2007
At 05:00 12/13/2007, Gary Palmer wrote:
>
>> The config file locaton that I specify in rc.conf doesn't
>> appear to be being used:
>>
>> firewall_script="/usr/local/etc/ipfw.rules"
>
>You require
>
>firewall_enable="YES"
>
>in /etc/rc.conf for the rules to be looked at
>
>Also, firewall_script may be the wrong configuration parameter to use.
>firewall_script is expected to be a shell script to configure the
>firewall. If you just want a file of rules, set firewall_type instead.
>e.g.
>
>firewall_type="/etc/rc.firewall.rules"
>firewall_enable="YES"
>
>and then put your rules one line at a time into the specified file. i.e.
>
>add allow ip from any to any via lo0
>(etc)
>
>ipfw is a kernel module. It will not show up in "ps aux". If
>"ipfw list" does not come back with an error message, then it
>is likely running. You can check for the ipfw module using
>
>kldstat
>
>(assuming you did not compile ipfw into a custom kernel)
>
>To check the syntax of a list of rules (note: not a shell script) then
>you can use
>
>ipfw -n /path/to/rules/file
>
>>From the man page
>
> -n Only check syntax of the command strings, without actually pass-
> ing them to the kernel.
>
>Regards,
>
>Gary
Thanks, Gary! This is much of what I was looking for.
Start Here to Find It Fast!™ -> http://www.US-Webmasters.com/best-start-page/
$8.77 Domain Names -> http://domains.us-webmasters.com/
More information about the freebsd-security
mailing list