Freebsd – Restart/reload IPFW remotely via ssh without losing connection


Is it possible to restart IPFW or reload its script remotely via an ssh connection without losing the current connection?

Best Answer

I think I found the answer to my question. In this discussion my question is partially answered. Yes, indeed, when you run the script, it flushes all rules, because many scripts use this line at the beginning: ipfw -f flush.

But according to the documentation, there is a special set 31, which cannot be disabled, and rules in set 31 are not deleted by the ipfw flush command (but you can delete them with the ipfw delete set 31 command). So just add set 31 after the rule number in your script, and restarting will not affect those rules which disconnect your ssh connection. As an example:

$cmd 00410 set 31 allow tcp from any to me 22 in via $pif setup keep-state

or

$cmd 00280 set 31 allow log tcp from any to any 22 out via $pif setup keep-state
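
A pre-flight check for the approach in the answer above, as an added example that is not part of the original answer: it reads an ipfw rules script and reports whether reloading it over SSH is safe, meaning that if the script flushes, at least one SSH allow rule sits in set 31 and nothing runs delete set 31. The function name, the sample rules and the requirement that the port appears as its own token are assumptions made for this example.

```shell
#!/bin/sh
# Pre-flight check for an ipfw rules script that will be reloaded over SSH.
# Usage: check_ssh_guard [port] < rules-script   (exit 0 = OK, 1 = UNSAFE)
check_ssh_guard() {
    awk -v port="${1:-22}" '
    {
        sub(/#.*/, "")                       # ignore comments
        flush = del = ssh = allow = set31 = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "flush")  flush = 1
            if ($i == "delete") del = 1
            if ($i == port)     ssh = 1      # port must be its own token
            if ($i == "allow" || $i == "accept" || $i == "pass" || $i == "permit") allow = 1
            if ($i == "set" && $(i + 1) == "31") set31 = 1
        }
        if (flush) flushes++
        if (del && set31) { printf "line %d: deletes set 31\n", NR; wiped = 1 }
        if (ssh && allow) {
            if (set31) guarded++
            else printf "line %d: SSH allow rule is not in set 31\n", NR
        }
    }
    END {
        # A flush removes every rule outside set 31; "delete set 31" removes the rest.
        if (wiped || (flushes && !guarded)) { print "UNSAFE"; exit 1 }
        print "OK"
    }'
}

# Constructed sample: flushes, and the SSH rule is left in the default set.
UNSAFE_RULES=$(cat <<'EOF'
cmd="ipfw -q add"
ipfw -q -f flush
$cmd 00410 allow tcp from any to me 22 in via $pif setup keep-state
EOF
)
# Constructed sample: same script with the SSH rule placed in set 31.
SAFE_RULES=$(cat <<'EOF'
cmd="ipfw -q add"
ipfw -q -f flush
$cmd 00410 set 31 allow tcp from any to me 22 in via $pif setup keep-state
EOF
)

printf '%s\n' "$UNSAFE_RULES" | check_ssh_guard || echo "do not reload this over SSH"
printf '%s\n' "$SAFE_RULES" | check_ssh_guard
```

Pass a different port as the first argument if sshd does not listen on 22.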