/etc/rc.firewall and setup_loopback()

From: Ian FREISLICH <if_at_hetzner.co.za>
Date: Thu, 07 Dec 2006 11:26:32 +0200
Hi

Is there any reason that /etc/rc.firewall calls setup_loopback
immediately after the flush and not at the point that it configures
firewall rules for which it is responsible?  Some time in the recent
past it started adding these loopback rules for the "file" firewall
type, which is, in my opinion, an oversight.

When the firewall rules are loaded verbatim from a file, I believe
the maintainer of this file should be responsible for all rules and
no other rules should be generated by the rc system.

Ian

--
Ian Freislich

--- /usr/src/etc/rc.firewall.orig    Tue Oct 31 13:03:08 2006
+++ /usr/src/etc/rc.firewall.orig    Thu Dec  7 11:24:09 2006
_at__at_ -109,8 +109,6 _at__at_
 #
 ${fwcmd} -f flush
 
-setup_loopback
-
 ############
 # Network Address Translation.  All packets are passed to natd(8)
 # before they encounter your remaining rules.  The firewall rules
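
Review bot: Ordering concern where `setup_loopback` is removed after `${fwcmd} -f flush`: the loopback rules are now added only after the Network Address Translation section and everything else up to the `case ${firewall_type}` block has run. Please confirm that nothing in that span depends on the loopback rules already being in place, and state that in the commit message. Separately, the `---` and `+++` headers both name `/usr/src/etc/rc.firewall.orig`, so the diff as posted targets the .orig copy; regenerate it with `rc.firewall` as the new file.
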
_at__at_ -144,10 +142,12 _at__at_
 #
 case ${firewall_type} in
 [Oo][Pp][Ee][Nn])
+       setup_loopback
        ${fwcmd} add 65000 pass all from any to any
        ;;
 
 [Cc][Ll][Ii][Ee][Nn][Tt])
+       setup_loopback
        ############
        # This is a prototype setup that will protect your system somewhat
        # against people from outside your own network.
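
Review bot: Maintenance concern at the `[Oo][Pp][Ee][Nn])` and `[Cc][Ll][Ii][Ee][Nn][Tt])` branches: the call is now repeated at the top of every named type, so a type added later that omits the line ends up with no loopback rules and nothing flags it. Consider keeping a single call ahead of the `case` and skipping it only when `${firewall_type}` names a readable rules file, which gives the behaviour the message asks for with one line to maintain.
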
_at__at_ -189,6 +189,7 _at__at_
        ;;
 
 [Ss][Ii][Mm][Pp][Ll][Ee])
+       setup_loopback
        ############
        # This is a prototype setup for a simple firewall.  Configure this
        # machine as a DNS and NTP server, and point all the machines
_at__at_ -289,6 +290,7 _at__at_
        ;;
 
 [Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn])
+       setup_loopback
        # Configuration:
        #  firewall_myservices:         List of TCP ports on which this host
        #                                offers services.
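
Review bot: Style point at `[Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn])`: the new `setup_loopback` line sits between the case label and the `# Configuration:` comment block that documents the branch. Moving the call below the comment block, next to the first rule of the branch, keeps the documentation attached to its label. The same applies to the CLIENT and SIMPLE branches, where the call lands above the `############` banner.
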
_at__at_ -381,9 +383,11 _at__at_
        ;;
 
 [Cc][Ll][Oo][Ss][Ee][Dd])
+       setup_loopback
        ${fwcmd} add 65000 deny ip from any to any
        ;;
 [Uu][Nn][Kk][Nn][Oo][Ww][Nn])
+       setup_loopback
        ;;
 *)
        if [ -r "${firewall_type}" ]; then
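
Review bot: Missing fallback in the `*)` branch: leaving out `setup_loopback` is the intent when `[ -r "${firewall_type}" ]` succeeds, but the visible lines add no call for the case where that test fails, so a mistyped or unreadable rules file would leave the host with no loopback rules at all after the flush. Consider calling `setup_loopback` in the failure path. Rules files that have come to rely on the rc-generated loopback rules will also stop getting them, so the change needs a note in the script's comments or the upgrade documentation.
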
Received on Thu Dec 07 2006 - 08:26:43 UTC