Re: IPFW compiled in kernel: Where is it reading the config?
- From: Gary Palmer <gpalmer@xxxxxxxxxxx>
- Date: Thu, 13 Dec 2007 06:00:09 -0500
On Thu, Dec 13, 2007 at 01:44:46AM -0600, W. D. wrote:
> Hi peeps,
> After compiling ipfw into the new 6.2 kernel, and typing "ipfw list",
> all I get is:
> "65535 deny ip from any to any"
> From reading the docs, this might indicate that this is the
> default rule. (I am certainly protected this way--but can't
> be very productive ;^) )
> By the way, when I run "man ipfw" I get nothing. Using this
> instead: http://www.hmug.org/man/8/ipfw.php How to install
> the man pages?
> How do I tell where ipfw is reading its config from? Is
> there a default config file?
> The config file location that I specify in rc.conf doesn't
> appear to be being used:
> firewall_script="/usr/local/etc/ipfw.rules"
You require
firewall_enable="YES"
in /etc/rc.conf for the rules to be looked at
Also, firewall_script may be the wrong configuration parameter to use.
firewall_script is expected to be a shell script to configure the
firewall. If you just want a file of rules, set firewall_type instead.
e.g.
firewall_type="/etc/rc.firewall.rules"
firewall_enable="YES"
and then put your rules one line at a time into the specified file. i.e.
add allow ip from any to any via lo0
(etc)
ipfw is a kernel module. It will not show up in "ps aux". If
"ipfw list" does not come back with an error message, then it
is likely running. You can check for the ipfw module using
kldstat
(assuming you did not compile ipfw into a custom kernel)
To check the syntax of a list of rules (note: not a shell script), you
can use
ipfw -n /path/to/rules/file
From the man page:
-n    Only check syntax of the command strings, without actually passing them to the kernel.
Regards,
Gary
_______________________________________________
> What is the proper name for the ipfw ruleset file? Some
> on the Web say that it is "ipfw.rules". Others say
> it is "rc.firewall"
> What is the proper location for the ruleset file? I see
> all of the following:
> /etc/ipfw.rules
> /usr/local/etc/ipfw.rules
> /etc/rc.firewall
> /usr/local/etc/psa/modules/firewall/rc.firewall
> Are line numbers required? I see some examples that use line
> numbers and some do not.
> Is there a program to easily "syntax check" a config/ruleset
> file?
> How do I tell if ipfw is running? "ps aux | grep ipfw"
> doesn't show anything.
> I would really appreciate very much some help with this. Many
> thanks if you can help.
> Start Here to Find It Fast!? -> http://www.US-Webmasters.com/best-start-page/
> $8.77 Domain Names -> http://domains.us-webmasters.com/
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
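Worked example (added here, not part of the original thread or of FreeBSD's own rc scripts): it writes the rc.conf settings Gary describes and a rules file in the firewall_type format (one ipfw command per line, no "ipfw" prefix), then checks the things the original poster got wrong. The rc.conf fragments, rule lines and file paths are constructed for the demo; the only real FreeBSD interfaces it relies on are the firewall_enable / firewall_type variables and the ipfw -n syntax check. Where ipfw is not installed it falls back to a simple local sanity check of each rule line.

```shell
#!/bin/sh
# Added example: rc.conf + ipfw rules file checks. Constructed demo files live under $WORKDIR.
set -u

WORKDIR="${TMPDIR:-/tmp}/ipfw-demo.$$"
mkdir -p "$WORKDIR"

# Constructed rc.conf fragment in the working form: firewall_enable is mandatory,
# and firewall_type points at a file of rules rather than a shell script.
RC_CONF="$WORKDIR/rc.conf"
cat > "$RC_CONF" <<'EOF'
firewall_enable="YES"
firewall_type="/etc/rc.firewall.rules"
EOF

# Constructed rc.conf fragment reproducing the original poster's situation:
# a firewall_script is named, but firewall_enable is never set.
BROKEN_RC="$WORKDIR/rc.conf.broken"
cat > "$BROKEN_RC" <<'EOF'
firewall_script="/usr/local/etc/ipfw.rules"
EOF

# Constructed rules file in firewall_type format: one ipfw command per line.
RULES="$WORKDIR/rc.firewall.rules"
cat > "$RULES" <<'EOF'
# loopback first so local services keep working
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 check-state
add 400 allow tcp from me to any out setup keep-state
add 500 allow udp from me to any 53 out keep-state
EOF

# Constructed rules file with a defect: the "add" keyword is missing on a line.
BAD_RULES="$WORKDIR/bad.rules"
cat > "$BAD_RULES" <<'EOF'
add 100 allow ip from any to any via lo0
allow tcp from me to any out setup keep-state
EOF

# rc_value FILE KEY: print KEY's value from an rc.conf-style file (last assignment wins, quotes stripped)
rc_value() {
    awk -v key="$2" -F= '$1 == key { v = $2 } END { gsub(/^"|"$/, "", v); print v }' "$1"
}

# firewall_is_enabled FILE: succeed only when firewall_enable is YES (case-insensitive, as rc(8) treats it)
firewall_is_enabled() {
    case "$(rc_value "$1" firewall_enable | tr 'A-Z' 'a-z')" in
        yes) return 0 ;;
        *)   return 1 ;;
    esac
}

# uses_rules_file FILE: succeed when firewall_type is a path (a rules file) rather than a canned type name
uses_rules_file() {
    case "$(rc_value "$1" firewall_type)" in
        /*) return 0 ;;
        *)  return 1 ;;
    esac
}

# count_rules FILE: number of rule lines, ignoring comments and blank lines
count_rules() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" | grep -c ''
}

# syntax_check FILE: on FreeBSD, run the real checker from the thread (ipfw -n FILE);
# elsewhere, accept the file only if every rule line starts with an ipfw command word.
syntax_check() {
    if command -v ipfw >/dev/null 2>&1; then
        ipfw -n "$1"
    else
        bad=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" \
              | grep -E -v -c '^[[:space:]]*(add|delete|flush|table|zero)([[:space:]]|$)')
        [ "$bad" -eq 0 ]
    fi
}

# Stand-alone run: report the checks that matter for the poster's question.
if firewall_is_enabled "$RC_CONF"; then echo "rc.conf: firewall_enable=YES (rules will be loaded)"; fi
if ! firewall_is_enabled "$BROKEN_RC"; then echo "rc.conf.broken: firewall_enable missing (only the default rule 65535 applies)"; fi
echo "rules file has $(count_rules "$RULES") rules"
if syntax_check "$RULES"; then echo "rules file: syntax OK"; fi
if ! syntax_check "$BAD_RULES"; then echo "bad.rules: syntax error (missing add)"; fi
```

The two rc.conf fragments side by side show the failure from the thread: with only firewall_script set and firewall_enable absent, nothing is loaded at boot and "ipfw list" shows only the default deny rule, exactly what the poster saw.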