
Re: ipf question



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I always got the impression that ipf didn't run as a daemon per se and is
instead implemented in the kernel. Under that assumption you couldn't just
kill the daemon and not have firewalling going on.

You *can* play with the active and inactive rule lists. I use a management
script that first executes `/sbin/ipf -Fa -I -f /etc/ipf/ipf.out -E` to
completely flush and reload the *inactive* filter list. The next statement
of `/sbin/ipf -s` swaps the inactive ruleset into being active. Voilà - no
timeout with an active ruleset.

Joshua b. Jore
Minneapolis Ward 3, precinct 10
http://www.greentechnologist.org

On Thu, 1 Nov 2001, Sunny Dubey wrote:

> hey
>
> I just set up an invisible firewall using openbsd 2.9 and ipf.  The setup has
> been really nice and works fine as well too.  I just would like to know, is
> there a command that will restart ipf WITHOUT letting any packets flow
> through the interfaces??
>
> thanks for any help
>
> Sunny Dubey
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE74hzdfexLsowstzcRAmdUAKDIk2AYaVnEqMFQ3zmjOc6JPjfX/QCbBRDi
j6gB8iHi0vP6bE2gTsuXkCg=
=MsPv
-----END PGP SIGNATURE-----
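
The two-step reload described in the reply above, written out as an added example; it is not part of the original post and not the poster's own script. The function name `reload_ipf`, the `IPF` and `RULES` variables and the return codes are hypothetical, and the script assumes `ipf` exits non-zero when loading the rules file fails.

```shell
#!/bin/sh
# Added example: staged ipf reload. The defaults are the paths quoted in
# the reply; IPF and RULES are hypothetical override variables.
IPF="${IPF:-/sbin/ipf}"
RULES="${RULES:-/etc/ipf/ipf.out}"

# reload_ipf [rules-file]
# Returns 0 after a successful swap, 1 if the rules file is unusable,
# 2 if loading the inactive list failed (the active list is untouched).
reload_ipf() {
    rules="${1:-$RULES}"

    # Refuse a missing or empty file: swapping in a flushed, empty
    # inactive list would drop every rule from the active set.
    if [ ! -r "$rules" ] || [ ! -s "$rules" ]; then
        echo "reload_ipf: $rules missing, unreadable or empty" >&2
        return 1
    fi

    # Step 1: flush and reload the *inactive* list. The active list
    # keeps filtering while this runs.
    # Assumption: ipf exits non-zero when the load fails.
    if ! "$IPF" -Fa -I -f "$rules" -E; then
        echo "reload_ipf: load failed, active ruleset unchanged" >&2
        return 2
    fi

    # Step 2: swap the inactive and active lists.
    "$IPF" -s
}
```

Call `reload_ipf` from the management script and treat any non-zero return as "old rules still in force".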