IPFilter Questions

From: michael@mck.net.com
Date: 09/17/02


From: michael@mck.net.com
Date: Tue, 17 Sep 2002 04:46:42 GMT

Hello all...

I've become a victim of the stability of IPFilter...

My firewall has been up and running for 487 days
without a single problem. Recently, being the genius
that I am, I deleted my shell history. The problem is
that since IPF has been so reliable, I relied on my shell
history to manage it.

Anyway, there were a couple of commands I used... one to
reload the rules if I made a change to them and one to
reload the NAT rules if I changed them.

The best I can remember for the IPF rule reload is that
the command looked something like this...
        ipfstat -io|ipf -rf - ....

The problem is that I don't remember the rest of this command
string. It used to do the following... clear the current
rules in memory, break any current connections, and load the
new rules.

For example, if I edited my ipf.rules file and removed the
rule that allowed port 80 outbound and ran the "reload"
command (i.e. ipfstat -io|ipf -rf - ....) it would immediately
break all connections and show some output reflecting the
new reload.

I have tried this...
        ipfstat -io|ipf -rf -;ipf -Fsa -f /etc/opt/ipf/ipf.rules

but the connections stay open even if I have removed the rule that
allowed them. I'm pretty sure this isn't the command sequence I
used to use, but I can't find it on the net anywhere.

I am looking for the best way to clear the current ruleset and load
the latest ruleset... I want it to break all existing connections
when I do it.

If anyone has any ideas or suggestions, they would be greatly
appreciated.

Thanks to all in advance.


