Re: bad test in /etc/rc.d/ip6fw

2007-04-03 Thread Julian Elischer
Sean McNeil wrote: Hi Henrique, For Firewall in IPV6 enable in kernel options IPV6FIREWALL # Enable ipfirewall(4) for ipv6 options IPV6FIREWALL_VERBOSE # Enable log's in syslogd(4) options IPV6FIREWALL_VERBOSE_LIMIT=100 # Set limite in syslogd in 100 registers options IPV6FIREWALL_DEFAULT_TO

Difference between pipe in via $int_if and pipe out via $ext_if

2007-04-03 Thread Stanislav Kruchinin
Let's consider shaping of traffic that comes from internal network. I can do this using pipe for outgoing traffic on external interface # ipfw add pipe 1 ip from 172.16.0.1 to any out via $ext_if or for incoming traffic on internal interface # ipfw add pipe 1 ip from 172.16.0.1 to any in via $int

Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it

2007-04-03 Thread Mike Makonnen
On Mon, Apr 02, 2007 at 01:02:51PM -0300, AT Matik wrote: > On Monday 02 April 2007 12:40, Mike Makonnen wrote: > > Synopsis: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script > > not read it > > > > State-Changed-From-To: open->patched > > State-Changed-By: mtm > > State-Changed-When:

Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it

2007-04-03 Thread AT Matik
On Tuesday 03 April 2007 07:03, Mike Makonnen wrote: > I'm not sure I understand. Are you saying the firewall should be enabled > in a precmd() subroutine? If so, I don't think that's a good idea. The > firewall should be enabled only after the firewall script has been > *successfully* loaded. I s

Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it

2007-04-03 Thread Mike Makonnen
On Tue, Apr 03, 2007 at 08:04:31AM -0300, AT Matik wrote: > I see your point > but first tell me, how do you know that the rules are *successfully* loaded? > Sorry, I wrote that email from memory and thought that was how it operated. However, what it does is output a warning if the last rule is t

Re: cvs commit: src/sys/netinet ip_fw.h ip_fw2.c ip_fw_pfil.c ip_input.c

2007-04-03 Thread Julian Elischer
Max Laier wrote: On Tuesday 03 April 2007 10:16, Julian Elischer wrote: julian 2007-04-03 08:16:05 UTC FreeBSD src repository Modified files:(Branch: RELENG_6) sys/netinet ip_fw.h ip_fw2.c ip_fw_pfil.c ip_input.c Log: Revert one of the MFCs from Friday as it p

Re: cvs commit: src/sys/netinet ip_fw.h ip_fw2.c ip_fw_pfil.c ip_input.c

2007-04-03 Thread Julian Elischer
this time, with the patch :-) Max Laier wrote: On Tuesday 03 April 2007 10:16, Julian Elischer wrote: julian 2007-04-03 08:16:05 UTC FreeBSD src repository Modified files:(Branch: RELENG_6) sys/netinet ip_fw.h ip_fw2.c ip_fw_pfil.c ip_input.c Log: Revert one

Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it

2007-04-03 Thread AT Matik
On Tuesday 03 April 2007 12:40, Mike Makonnen wrote: > On Tue, Apr 03, 2007 at 08:04:31AM -0300, AT Matik wrote: > > I see your point > > but first tell me, how do you know that the rules are *successfully* > > loaded? > > Sorry, I wrote that email from memory and thought that was how it operated.