Hello,
I have a firewall running ipfw with a reload script that looks something like this -
#start
ipfw -f flush
...lots of various allow commands...
...a few catch-all deny log commands...
#end
When running the script I get cut off from the server, although ending the command with a '&' causes it to continue running which is fine, but it also cuts off a lot of customers - mainly VPN & RDP connections.
I've been looking around and I've found the following commands which may temporarily disable the firewall during reload to stop this happening. -
1) ipfw disable/enable firewall
2) sysctl net.inet.ip.fw=0/1
I've not found any definitive information on the net about this so I'd like to know the following -
If I place an entry at the top of the script to run one of the above commands, and its opposite at the bottom, will it achieve what I want? I'm just worried that disabling the firewall at the top of the script will affect the loading of the rules, or cause some other issue.
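The disable/flush/load/enable sequence the question proposes, written out as an added example that is not part of the original post. It shows one way to make sure filtering is switched back on and a failed rule is reported; `load_rules` holds constructed sample rules in place of the elided ones, and the `IPFW` override and function names are assumptions.

```sh
#!/bin/sh
# Added example, not the poster's script.
# IPFW can be pointed at a stub to dry-run the sequence (assumption).
IPFW="${IPFW:-ipfw}"

# Constructed sample rules standing in for the elided allow/deny lines.
load_rules() {
    $IPFW -q add 100 allow ip from any to any via lo0 &&
    $IPFW -q add 65000 deny log ip from any to any
}

# Disable filtering, flush, load, then re-enable whatever happened in between.
# Returns 0 only if every step succeeded:
#   1 = could not disable, 2 = flush or a rule failed, 3 = could not re-enable.
reload_firewall() {
    rc=0
    # While disabled, packets bypass ipfw entirely: the host is unfiltered.
    $IPFW disable firewall || return 1
    if $IPFW -f flush; then
        # A failing rule leaves a partial ruleset; report it, do not hide it.
        load_rules || rc=2
    else
        rc=2
    fi
    # Fail closed: filtering comes back even when loading failed.
    $IPFW enable firewall || rc=3
    return "$rc"
}

# Only touch the firewall when invoked as: sh reload.sh run
if [ "${1:-}" = "run" ]; then
    reload_firewall
    exit $?
fi
```

A non-zero exit status means the ruleset on the box is not the one in the script and should be checked before the session is closed.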