ipf.test rules file

#!/bin/sh
nic="l0"
/sbin/ipf -Fa -f - <<EOF
pass in on $nic all
pass out on $nic all
pass in all
pass out all
EOF

After booting system this file will load ok by doing
sh ipf.test from command line.
Or I can run ipf.loadrules from command line and rules load ok.

ipf.loadrules file

#! /bin/sh
sh /etc/ipf.test

But in rc.conf to load the rules

#ipfilter_rules="sh /root/bin/ipf.loadrules"
#ipfilter_rules="/etc/ipf.test"

does not work, get msg no rules loaded after IPFILTER started msg in boot log.

This works

ipfilter_rules="/etc/ipf.rules"

ipf.rules files

pass in all
pass out all

Looks to me like internal problem with the rc.conf ipfilter_rules= statement and the way it reads what is pointed at.

Any ideas about what is wrong with my ipfilter_rules="/etc/ipf.test" statement?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mike Maltese
Sent: Wednesday, November 26, 2003 1:41 PM
To: [EMAIL PROTECTED] ORG
Cc: Dan Nelson
Subject: Re: IPFILTER rules with shell symbloic substitution

> /etc/rc.firewall has lots of examples using ipfw; the concepts should
> work just as well with ipf.

I'm not sure that's true. /etc/rc.firewall is a shell script, an IP Filter ruleset isn't. From the documentation and my own use of it, IP Filter doesn't support variable substitution. If you're running 5.x, you can run the pf port, which does support variables and some other neat expansion capabilities that can really condense and simplify your ruleset.

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
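
Added example, not part of the original messages: because an IP Filter ruleset is not a shell script and ipf does no variable substitution, one approach is to expand the variables with sh ahead of time and point ipfilter_rules at the resulting plain file. This assumes rc.conf's ipfilter_rules value is handed to ipf as a rules file; the function names and the interface-name check are hypothetical, chosen for this illustration.

```sh
#!/bin/sh
# Added example (not from the thread): expand shell variables into a plain
# IP Filter ruleset ahead of time, so the rules file holds only ipf syntax.
# Hypothetical names: render_ipf_rules, write_ipf_rules.

# Print the ruleset for interface $1 on stdout.
render_ipf_rules() {
    nic=$1
    # Accept only plausible interface names (lowercase letters and digits,
    # not starting with a digit) so nothing unexpected is spliced into a rule.
    case $nic in
        ''|*[!a-z0-9]*|[0-9]*) echo "bad interface name: $nic" >&2; return 1 ;;
    esac
    cat <<EOF
pass in on $nic all
pass out on $nic all
pass in all
pass out all
EOF
}

# Write the rendered rules to file $2, replacing it in one step, and refuse
# output that still contains shell expansion syntax ipf would not understand.
write_ipf_rules() {
    nic=$1 out=$2
    tmp="$out.tmp.$$"
    render_ipf_rules "$nic" > "$tmp" || { rm -f "$tmp"; return 1; }
    if grep -q '[$`]' "$tmp"; then
        echo "unexpanded shell syntax in $tmp" >&2
        rm -f "$tmp"; return 1
    fi
    chmod 600 "$tmp" && mv "$tmp" "$out"
}

# Typical use (as root, before ipfilter starts), then in rc.conf:
#   write_ipf_rules lo0 /etc/ipf.rules
#   ipfilter_rules="/etc/ipf.rules"
```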