IPFW compiled in kernel: Where is it reading the config?



Hi peeps,

After compiling ipfw into the new 6.2 kernel, and typing "ipfw list",
all I get is:

"65535 deny ip from any to any"

From reading the docs, this might indicate that this is the
default rule. (I am certainly protected this way--but can't
be very productive ;^) )

By the way, when I run "man ipfw" I get nothing. Using this
instead: http://www.hmug.org/man/8/ipfw.php How to install
the man pages?

How do I tell where ipfw is reading its config from? Is
there a default config file?

The config file location that I specify in rc.conf doesn't
appear to be being used:

firewall_script="/usr/local/etc/ipfw.rules"

What is the proper name for the ipfw ruleset file? Some
on the Web say that it is "ipfw.rules". Others say
it is "rc.firewall".

What is the proper location for the ruleset file? I see
all of the following:

/etc/ipfw.rules
/usr/local/etc/ipfw.rules

/etc/rc.firewall
/usr/local/etc/psa/modules/firewall/rc.firewall

Are line numbers required? I see some examples that use line
numbers and some do not.

Is there a program to easily "syntax check" a config/ruleset
file?

How do I tell if ipfw is running? "ps aux | grep ipfw"
doesn't show anything.

I would really appreciate very much some help with this. Many
thanks if you can help.







_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security


