I'm trying to create my own firewall script inside of FreeBSD and I'm running into a bit of a problem. I was wondering if someone has done something similar and could show me an example?
su-3.2# grep ^firewall /etc/rc.conf
firewall_enable="YES"           # Set to YES to enable firewall functionality
firewall_type="/etc/ipfw.rules"
firewall_quiet="YES"            # Set to YES to suppress rule display
firewall_logging="YES"          # Set to YES to enable events logging
firewall_logdeny="YES"          # Set to YES to log default denied incoming
su-3.2# cat /etc/ipfw.rules
${fwcmd} add 65000 pass all from any to any
su-3.2# /etc/rc.d/ipfw restart
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc.d/ipfw: DEBUG: run_rc_command: doit: ipfw_stop
net.inet.ip.fw.enable: 1 -> 0
/etc/rc.d/natd: DEBUG: checkyesno: natd_enable is set to NO.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc.d/ipfw: DEBUG: run_rc_command: start_precmd: ipfw_prestart
/etc/rc.d/ipfw: DEBUG: checkyesno: dummynet_enable is set to NO.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_nat_enable is set to NO.
/etc/rc.d/ipfw: DEBUG: load_kld: ipfw kernel module already loaded.
/etc/rc.d/ipfw: DEBUG: run_rc_command: doit: ipfw_start
/etc/rc.d/natd: DEBUG: checkyesno: natd_enable is set to NO.
Line 1: bad command `${fwcmd}'
Firewall rules loaded.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_logging is set to YES.
Firewall logging enabled.
net.inet.ip.fw.enable: 0Read from remote host XXXXX.XXX: Connection reset by peer
Connection to XXXXX.XXX closed.
mbp:~ alexus$
Best Answer
Lose the ${fwcmd}. Your file is being provided to ipfw as an argument. Try running

ipfw /etc/ipfw.rules
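Added example, not part of the question or the answer above: when firewall_type names a file, the rc framework hands that file to ipfw as an argument, so every line must be an ipfw command with the leading "ipfw" omitted (and no shell variables, which is why "${fwcmd}" produced "bad command" and left the box with no pass rule, dropping the ssh session). The script below writes a constructed rules file in that syntax, with an ssh allow rule placed before anything else, and lints it for the exact mistake in the question before it is ever loaded. The function names write_sample_rules, lint_rules and syntax_check, the rule numbers 00100-00300 and the file path argument are my own choices for the example; only the 65000 pass-all rule comes from the post.

```shell
#!/bin/sh
# Added example: a corrected rules file in ipfw "file" syntax plus a lint
# that catches shell-script syntax (${fwcmd}, "ipfw ...") leaking into it.

# Write a constructed rules file to the path given as $1.  Each line is an
# ipfw command with the "ipfw" word omitted; "#" begins a comment.  On the
# real box this would be /etc/ipfw.rules (the value of firewall_type).
write_sample_rules() {
    cat > "$1" <<'EOF'
# /etc/ipfw.rules -- loaded by rc.firewall as: ipfw /etc/ipfw.rules
# Management access first, so a later mistake cannot cut off the session.
add 00100 allow ip from any to any via lo0
add 00200 allow tcp from any to me 22 in keep-state
add 00300 allow ip from me to any out keep-state
add 65000 pass all from any to any
EOF
}

# Lint the file at $1.  Returns 0 when every non-blank, non-comment line
# starts with an ipfw subcommand and contains no shell syntax; otherwise
# prints the offending lines on stderr and returns 1.
lint_rules() {
    bad=0
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) ;;                        # blank line or comment
            'ipfw '*|*'$'*)                    # shell-script syntax leaked in
                printf 'not ipfw file syntax: %s\n' "$line" >&2
                bad=1 ;;
            add\ *|delete\ *|flush|zero\ *|table\ *|nat\ *|pipe\ *|queue\ *|set\ *|enable\ *|disable\ *)
                ;;                             # looks like an ipfw command
            *)  printf 'unrecognised line: %s\n' "$line" >&2
                bad=1 ;;
        esac
    done < "$1"
    return $bad
}

# Parse-only check with ipfw itself (-n: check syntax, pass nothing to the
# kernel).  Skipped where ipfw is not installed, e.g. on a non-FreeBSD host.
syntax_check() {
    if command -v ipfw >/dev/null 2>&1; then
        ipfw -n "$1"
    else
        echo "ipfw not available here; lint only" >&2
    fi
}
```

Usage on the FreeBSD host: source the script, then `write_sample_rules /tmp/ipfw.rules.new && lint_rules /tmp/ipfw.rules.new && syntax_check /tmp/ipfw.rules.new` before copying the file over /etc/ipfw.rules and running /etc/rc.d/ipfw restart. The ordering of the sample rules is the point: with the ssh and loopback allows numbered lowest, a typo further down the file no longer takes the management session with it. (If you would rather keep a shell script that calls ${fwcmd} directly, rc.conf has a separate knob for that, firewall_script, which is a different mechanism from the file-as-argument one the answer describes.)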