IPFW Better way to reload network config



Reaction score: 6
Messages: 25

I have an IPFW setup with a complicated set of rules.
Bridge, nat, fwd, redirect_port, wlan, and several tables are present here.
There are several jails on the host, connected by a local network.
If I edit my network config and run /etc/rc.d/netif restart && service routing restart, this gives a bad result. Some of the services will be unavailable, some of them will be disabled.
Probably IPFW needs to be restarted too, but taken together this will lead us to catastrophe, given that I have ssh access only.
How do I accomplish this properly? Or is a server reboot the only "true way"?


Aspiring Daemon

Reaction score: 222
Messages: 575

If you want to reload only the ipfw rules, you must first check that there's an ipfw -q -f flush command at the top of your rule file, and if your rule file is located in /usr/local/etc/ipfw.rules you can type
sh /usr/local/etc/ipfw.rules



Reaction score: 12
Messages: 51

You can take a look at the /usr/share/examples/ipfw/change_rules.sh script. It provides a way to reload rules more safely.
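
An added example, not written by anyone in this thread and not the code of change_rules.sh: one way to reload a rule script over SSH with a rollback timer that restores the previous rules unless the operator confirms. The names safe_reload, APPLY and ipfw.rules.new are assumptions, and the rule files are assumed to be shell scripts as in the reply above.

```shell
#!/bin/sh
# Added example: reload an ipfw rule script with an automatic rollback timer.
# Assumption: rule files are shell scripts that begin with "ipfw -q -f flush",
# so the default loader is plain "sh". APPLY can name another loader.
APPLY=${APPLY:-sh}

# safe_reload NEW_RULES OLD_RULES [TIMEOUT_SECONDS]
# Returns 0 if NEW_RULES were kept, 1 if OLD_RULES were restored, 2 on bad input.
# Hypothetical use: safe_reload /usr/local/etc/ipfw.rules.new /usr/local/etc/ipfw.rules 60
safe_reload() {
    new=$1 old=$2 timeout=${3:-30}
    [ -r "$new" ] && [ -r "$old" ] || return 2
    # Marker file: exists while the rollback timer is still pending.
    armed=$(mktemp /tmp/ipfw-armed.XXXXXX) || return 2

    # Arm the rollback before touching the firewall. nohup detaches it from
    # the terminal, so it still fires if the new rules cut the SSH session.
    nohup sh -c 'sleep "$1"; rm -f "$2"; shift 2; "$@"' rollback \
        "$timeout" "$armed" $APPLY "$old" >/dev/null 2>&1 &
    watchdog=$!

    if $APPLY "$new"; then
        printf 'New rules loaded. Type "yes" within %s s to keep them: ' "$timeout"
        read -r answer || answer=
        # The marker is gone if the timer already expired (answer came too late).
        if [ "$answer" = yes ] && [ -e "$armed" ] && kill "$watchdog" 2>/dev/null; then
            rm -f "$armed"
            return 0
        fi
    fi
    # Not confirmed, or the new rule file failed part-way: let the rollback run.
    wait "$watchdog" 2>/dev/null
    rm -f "$armed"
    return 1
}
```

Being able to type "yes" is itself the connectivity test: if the new rules block SSH, the answer never arrives and the old rule file is loaded again when the timer expires.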