Firewall – FreeBSD ipfw firewall_type


I'm trying to create my own firewall script inside of FreeBSD and I'm running into a bit of a problem. I was wondering if someone has done something similar and could show me an example?

su-3.2# grep ^firewall /etc/rc.conf 
firewall_enable="YES"       # Set to YES to enable firewall functionality
firewall_type="/etc/ipfw.rules"
firewall_quiet="YES"        # Set to YES to suppress rule display
firewall_logging="YES"      # Set to YES to enable events logging
firewall_logdeny="YES"      # Set to YES to log default denied incoming
su-3.2# cat /etc/ipfw.rules 
${fwcmd} add 65000 pass all from any to any
su-3.2# /etc/rc.d/ipfw restart
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc.d/ipfw: DEBUG: run_rc_command: doit: ipfw_stop 
net.inet.ip.fw.enable: 1 -> 0
/etc/rc.d/natd: DEBUG: checkyesno: natd_enable is set to NO.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc.d/ipfw: DEBUG: run_rc_command: start_precmd: ipfw_prestart 
/etc/rc.d/ipfw: DEBUG: checkyesno: dummynet_enable is set to NO.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_nat_enable is set to NO.
/etc/rc.d/ipfw: DEBUG: load_kld: ipfw kernel module already loaded.
/etc/rc.d/ipfw: DEBUG: run_rc_command: doit: ipfw_start 
/etc/rc.d/natd: DEBUG: checkyesno: natd_enable is set to NO.
Line 1: bad command `${fwcmd}'
Firewall rules loaded.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_logging is set to YES.
Firewall logging enabled.
net.inet.ip.fw.enable: 0Read from remote host XXXXX.XXX: Connection reset by peer
Connection to XXXXX.XXX closed.
mbp:~ alexus$ 

Best Answer

Lose the ${fwcmd}. Your file is being provided to ipfw as an argument.

ipfw [-cfnNqS] [-p preproc [preproc-flags]] pathname

To ease configuration, rules can be put into a file which is processed using ipfw as shown in the last synopsis line. An absolute pathname must be used. The file will be read line by line and applied as arguments to the ipfw utility.

Try running ipfw /etc/ipfw.rules
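The failure mode in the transcript above is worth guarding against: rc.firewall flushes the ruleset and then hands the firewall_type path to ipfw, so when line 1 fails nothing is added and the default policy cuts off the SSH session. The following POSIX sh lint, an added example that is not from the original question, answer or FreeBSD's rc scripts, flags shell syntax in a rules file before loading it; lint_ipfw_rules and load_ipfw_rules are hypothetical helper names, the sample files are constructed, and ipfw -n is the real dry-run flag from ipfw(8).

```shell
#!/bin/sh
# Added example, not from the original post or FreeBSD's own rc scripts.
# rc.firewall passes firewall_type="/etc/ipfw.rules" to ipfw as a pathname,
# so each line is read as ipfw arguments and never goes through a shell:
# "${fwcmd}" arrives literally and fails with "bad command".  The flush has
# already happened by then, so a file whose pass rules fail to load leaves
# the kernel's default policy (normally deny) in force.

# lint_ipfw_rules FILE: print each rule line containing shell syntax
# ($var, ${var}, backticks); return 0 if clean, 1 if anything was flagged.
lint_ipfw_rules() {
    _file=$1 _rc=0 _n=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _n=$((_n + 1))
        _rule=${_line%%#*}                 # drop trailing comment
        [ -z "$(printf '%s' "$_rule" | tr -d '[:space:]')" ] && continue
        case "$_rule" in
            *'$'*|*'`'*)
                printf 'line %d: shell syntax is not expanded by ipfw: %s\n' "$_n" "$_line"
                _rc=1 ;;
        esac
    done < "$_file"
    return $_rc
}

# load_ipfw_rules FILE: lint, then syntax-check with ipfw -n (no kernel
# changes) before loading; returns non-zero without touching the ruleset
# if either step fails.  Hypothetical helper, not part of rc.firewall.
load_ipfw_rules() {
    lint_ipfw_rules "$1" || return 1
    command -v ipfw >/dev/null 2>&1 || { echo "ipfw not present on this host"; return 2; }
    ipfw -n -q "$1" && ipfw -q "$1"
}

# Constructed sample files: the poster's original line and the corrected form.
BAD_RULES=$(mktemp) GOOD_RULES=$(mktemp)
printf '%s\n' '${fwcmd} add 65000 pass all from any to any' > "$BAD_RULES"
cat > "$GOOD_RULES" <<'EOF'
# /etc/ipfw.rules: plain ipfw arguments, one rule per line, no shell variables
add 100 pass all from any to any via lo0
add 65000 pass all from any to any
EOF

lint_ipfw_rules "$BAD_RULES" && echo "unexpected: bad file passed lint"
lint_ipfw_rules "$GOOD_RULES" && echo "good file is clean"
```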
