On Tuesday 03 April 2007 07:03, Mike Makonnen wrote:
> I'm not sure I understand. Are you saying the firewall should be enabled
> in a precmd() subroutine? If so, I don't think that's a good idea. The
> firewall should be enabled only after the firewall script has been
> *successfully* loaded.

I see your point, but first tell me: how do you know that the rules are *successfully* loaded?

Then, this is about /etc/rc.d/ipfw.

OK, ipfw_start checks if the firewall script exists and reads it, which was wrong for a long time; fortunately that is fixed now, so it executes it now.

Then it checks if rule 65535 returns "65535 deny ip from any to any", which is also wrong and is OK only on a stock kernel/ipfw with default to deny.

Then at the end, regardless of any former checks, ipfw_start enables net.inet.ip.fw.enable, which obviously is wrong.

Then, first of all, there is no check whether or not it should do so; it does not even check if ipfw is loaded or not. ipfw_precmd might have failed, or ipfw is default to accept.

João
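
The ordering discussed in this thread, as an added example that is not part of the original message and is not FreeBSD's /etc/rc.d/ipfw: the enable sysctl is set only after ipfw is confirmed present and the ruleset script has exited successfully. The function names are hypothetical, and it assumes the ruleset script returns a non-zero exit status when a rule fails to load.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical and this is not
# the code of /etc/rc.d/ipfw.

# Succeeds only if the ipfw sysctl node exists, i.e. ipfw is compiled
# into the kernel or its module is loaded.
ipfw_present() {
    sysctl -n net.inet.ip.fw.enable >/dev/null 2>&1
}

# Run the ruleset script and hand back its exit status.
# Assumption: the script exits non-zero when loading its rules fails.
load_rules() {
    script=$1
    [ -r "$script" ] || return 1
    sh "$script"
}

# Enable the firewall only when every earlier step succeeded.
# Return codes: 0 enabled, 1 ipfw not present, 2 rules not loaded,
# 3 the enable sysctl itself failed.
guarded_start() {
    script=$1
    ipfw_present || {
        echo "ipfw not present; not touching net.inet.ip.fw.enable" >&2
        return 1
    }
    load_rules "$script" || {
        echo "ruleset $script did not load; firewall state left unchanged" >&2
        return 2
    }
    sysctl net.inet.ip.fw.enable=1 >/dev/null || return 3
    return 0
}
```
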