getting IP-Filter to reread it's configuration-files 'on-the-fly'

getting IP-Filter to reread it's configuration-files 'on-the-fly'

Post by Fabian Kroenne » Wed, 16 Jun 1999 04:00:00



Hello,

I'm looking for a reliable way to modify a kernel-based IP-Filter, so
that it rereads /etc/ipf.rules and maybe even /etc/ipnat.rules without
breaking current connections.

I thought of:

# ipf -f /etc/ipf.rules
and
# ipf -s

but no luck :(

I have read all the documents, but from what I understood, there is no
way to do this without temporarily breaking the Filter, which is what I
want to avoid.

Any help would be appreciated!

Regards...
Fabian

 
 
 

getting IP-Filter to reread it's configuration-files 'on-the-fly'

Post by Ni_ko_la » Wed, 16 Jun 1999 04:00:00



> I'm looking for a reliable way to modify a kernel-based IP-Filter, so
> that it rereads /etc/ipf.rules and maybe even /etc/ipnat.rules without
> breaking current connections.

ipf -F a -f /etc/ipf.rules

This should do the job.

--
PGP: 2048/BEDC92A1     5D 71 64 79 6C EA 7D 51 4E E7 37 CE 4F 1A 39 26
It is all about control, not saving the youth. Power motivates those
who want to control the internet -- not morale.
Howard Rheingold

 
 
 

getting IP-Filter to reread it's configuration-files 'on-the-fly'

Post by mips » Thu, 17 Jun 1999 04:00:00


Ni_ko_lay a crit dans le message

Quote:>ipf -F a -f /etc/ipf.rules

hmmm, ipf -A -Fa don't work ??

mips

 
 
 

getting IP-Filter to reread it's configuration-files 'on-the-fly'

Post by Ni_ko_la » Thu, 17 Jun 1999 04:00:00



>>ipf -F a -f /etc/ipf.rules
> hmmm, ipf -A -Fa don't work ??

He wanted to read in a new list, so "-f ipf.rules". "-A" is the
default (and means use the active list), so why explicitly use it?

--
PGP: 2048/BEDC92A1     5D 71 64 79 6C EA 7D 51 4E E7 37 CE 4F 1A 39 26
It is all about control, not saving the youth. Power motivates those
who want to control the internet -- not morale.
Howard Rheingold

 
 
 

getting IP-Filter to reread it's configuration-files 'on-the-fly'

Post by mips » Fri, 18 Jun 1999 04:00:00


Hmm ok, mistake from me :-)

mips

 
 
 

1. 'On-the-fly' resol. change

I guess I've been use OBSD long enough to ask a grace newbie question:

Is it possible to switch between resolutions, on the fly, when X is
started via xdm (I using 3.3.6 but I'm interested to know if it is
possible under 4 as well). In the distant past, on some 'ix (Linux I
guess it was..) system the code was C-Alt-+ or C-Alt--.

I have a sneaking suspicion that either 'on-the-fly' changes aren't
possible under xdm sessions, or were nixed for security reasons.  Can
some knowledgable individual fill me in?

2. Drive traffic to your site!

3. ping -g 'gateway-IP' 'host-IP' DOESN'T work!

4. Linux variants with reference to previous experience

5. Can't do on-the-fly tarring using wu-ftp

6. remote X windows

7. Getting Internal IP's translated to 5 External IP's.

8. Year 2000 solution for UnixWare 1.1

9. 'filters' in 'elm'

10. IP's always 0's or 255's in log file

11. 'cat file' but only if 'file' exist

12. Coverting '.so' files to '.o' files

13. DNS configuration error: AttributeError: 'NoneType' object has no attribute 'groups'