IPFW compiled in kernel: Where is it reading the config?

W. D. WD at US-Webmasters.com
Thu Dec 13 10:39:58 PST 2007


At 05:00 12/13/2007, Gary Palmer wrote:
> 
>> The config file locaton that I specify in rc.conf doesn't 
>> appear to be being used:
>> 
>>    firewall_script="/usr/local/etc/ipfw.rules"
>
>You require
>
>firewall_enable="YES"
>
>in /etc/rc.conf for the rules to be looked at
>
>Also, firewall_script may be the wrong configuration parameter to use.  
>firewall_script is expected to be a shell script to configure the 
>firewall.  If you just want a file of rules, set firewall_type instead.
>e.g.
>
>firewall_type="/etc/rc.firewall.rules"
>firewall_enable="YES"
>
>and then put your rules one line at a time into the specified file.  i.e.
>
>add allow ip from any to any via lo0
>(etc)
>
>ipfw is a kernel module.  It will not show up in "ps aux".  If
>"ipfw list" does not come back with an error message, then it
>is likely running.  You can check for the ipfw module using
>
>kldstat
>
>(assuming you did not compile ipfw into a custom kernel)
>
>To check the syntax of a list of rules (note: not a shell script) then
>you can use
>
>ipfw -n /path/to/rules/file
>
>>From the man page
>
>     -n      Only check syntax of the command strings, without actually pass-
>             ing them to the kernel.
>
>Regards,
>
>Gary

Thanks, Gary!  This is much of what I was looking for.

Start Here to Find It Fast!™ -> http://www.US-Webmasters.com/best-start-page/
$8.77 Domain Names -> http://domains.us-webmasters.com/



More information about the freebsd-security mailing list