IPFW Rules reload question

Q: How does an IPFW rules reload affect current connections? Do the new rules only affect new connections? Or do they immediately apply to current connections as well?

Thx.
NB
 
What do you mean by "IPFW rules reload"? Do you mean delete all rules and create them again?
If you delete a rule it is gone and will not be applied any longer. There is only an exception when disabling a set of rules.

See IPFW(8) for details
 
Not exactly. Let's say I have a file that contains a rules script such as found at the lower portion of this page:

http://www.freebsd.org/doc/handbook/firewalls-ipfw.html

If I rerun that script (sh /etc/ipfw.rules), how does that affect current connections? I.e., if an ftp transfer is taking place and I re-run the script that changes a dummynet setting, does it take effect immediately or not?

Thx.
 
The first command in that script clears all the rules from the list.

If the default rule (65535) is "deny ip from any to any", then any and all connections are dropped at that instant.

If the default rule (65535) is "allow ip from any to any", then any connections that are simply routed (not going through NAT) will continue to work, and any connections going through NAT will be dropped.

Then the rest of the script is executed and the rules put back in place. Then new connections go through correctly.
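As an added illustration (not code from the thread or the handbook), the reload below avoids the moment described above, when only the default rule 65535 is in effect: it builds the new rules in a disabled scratch set and swaps that set into set 0 with one ipfw(8) call, using the rule-set commands the first reply mentions. It assumes an ipfw with rule sets, that set 18 is otherwise unused, and that the rule bodies (constructed here) are replaced with your own; dummynet pipe configuration is separate from rule sets and is not covered.

```shell
#!/bin/sh
# Reload IPFW rules without passing through an empty rule list.
# Added example; assumes ipfw(8) rule sets ("set disable", "set swap",
# "delete set") and that the scratch set below is empty before we start.
set -e

IPFW=${IPFW:-ipfw}        # command to run (assumed to be in PATH)
STAGE=${STAGE:-18}        # scratch set; must not be used by live rules
DRY_RUN=${DRY_RUN:-0}     # 1 = print the commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Rule number followed by rule text, handbook style. Constructed sample.
rules() {
    cat <<'EOF'
00100 allow all from any to any via lo0
00200 deny all from any to 127.0.0.0/8
00300 check-state
00400 allow tcp from me to any setup keep-state
65000 deny log ip from any to any
EOF
}

# Load the new list into the disabled scratch set, then swap it into
# set 0 atomically, so traffic is never evaluated against rule 65535
# alone (what "ipfw -q -f flush" followed by re-adding rules causes).
reload_rules() {
    run "$IPFW" -q set disable "$STAGE"
    rules | while read -r num body; do
        # $body is intentionally unquoted: the rule words must split
        run "$IPFW" -q add "$num" set "$STAGE" $body
    done
    run "$IPFW" -q set swap 0 "$STAGE"       # one-call cut-over
    run "$IPFW" -q delete set "$STAGE"       # old rules now live here
}

case "${1:-}" in
    apply)   reload_rules ;;
    dry-run) DRY_RUN=1 reload_rules ;;
esac
```

Whether existing keep-state sessions survive the deletion of their old parent rule depends on the FreeBSD release, so check that separately before relying on this for stateful traffic.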
 