IPFW Starting ipfw in VIMAGE Jail

/etc/rc.d/myipfw -- in Jail
Code:
#!/bin/sh
# PROVIDE: myipfw
. /etc/rc.subr
name="myipfw"
rcvar=`set_rcvar`
start_cmd="myipfw_start"
stop_cmd=":"
load_rc_config $name
myipfw_start() {
  if checkyesno ${rcvar}; then
    /etc/ipfw.rules
  fi
}
run_rc_command "$1"

/etc/ipfw.rules -- in Jail
Code:
#!/bin/sh
ipfw -q flush
ipfw -q add deny all from any to any

/etc/rc.conf -- in Jail
Code:
myipfw_enable="YES"

-- on Host
Code:
# jls
   JID   IP Address          Hostname                        Path
     1   -                   testa                           /usr/jail/mnt/test
     2   -                   testb                           /usr/jail/mnt/test1

I am using a similar script to the jail's /etc/rc.d/myipfw in the host's /etc/rc.d to start multiple VIMAGE Jails and it works fine.

If I run /etc/ipfw.rules in the Jail then it blocks all traffic. But I cannot get it to run the script at boot.
 
Why aren't you using the regular scripts to enable IPFW?
 
In /etc/rc.conf in the Jail I tried
Code:
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
but it didn't work, so I tried using the method in my original post.

Please use the normal scripts, they do a lot more than yours. You may want to add:
Code:
firewall_logging="YES"
Did you also try to use the regular rules file (/etc/rc.firewall)? There are also these you can add:
Code:
rc_debug="YES"
rc_info="YES"
These will increase the amount of logging that's produced during boot. It may contain clues as to why it's not working.

Also, on what version of FreeBSD? Scripts change from time to time.
 
How is the jail defined? It looks as though it's not running any of the startup scripts?
 
Your jail script never executes any of the rc(8) scripts. Instead of messing around with custom scripts I'd try and find out why it's not working using the regular scripts.
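
Added example, not part of the thread or of any poster's setup: one way to have a VIMAGE jail run rc(8) at start so that the regular firewall_* settings in the jail's /etc/rc.conf take effect, assuming the jail is defined in /etc/jail.conf on the host. The jail name and the epair0b interface are assumptions; the path and hostname are taken from the jls output above.

```conf
# --- /etc/jail.conf on the host (constructed example) ---
testa {                                  # jail name is an assumption
    path = "/usr/jail/mnt/test";         # path listed for testa in the jls output
    host.hostname = "testa";
    vnet;                                # own network stack (VIMAGE)
    vnet.interface = "epair0b";          # assumption: jail side of an epair(4) made on the host
    mount.devfs;
    exec.start = "/bin/sh /etc/rc";      # run the rc(8) scripts inside the jail at start
    exec.stop  = "/bin/sh /etc/rc.shutdown";
}

# --- /etc/rc.conf inside the jail ---
# These are read by the stock /etc/rc.d/ipfw script, which only runs
# because exec.start above invokes /etc/rc.
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"        # the rules file from the original post
firewall_logging="YES"

# Note: ipfw must already be available in the host kernel (compiled in or
# loaded as a module on the host); a jail cannot load kernel modules itself.
```

After starting the jail, `ipfw list` run inside it should show the rules from /etc/ipfw.rules without running the script by hand.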
 