How to disable flows in IPSO 3.3 and later

This must be done by modifying $FWDIR/etc/rc/rc.fwload.

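In the following section, replace flowpath with slowpath on the "ipsctl -w net:ip:forward:switch_mode" line. This is the occurrence that was bolded in the original. Leave the available_modes check on the first line unchanged: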

    ipsctl -n net:ip:forward:available_modes | grep -q -s flowpath
    if ($status == 0) then
        ipsctl -w net:ip:forward:switch_mode flowpath
    else
        echo "FireWall-1: You are attempting to start the FW on an incompatible OS - exiting" >>& $LOGDIR/fw.log
        exit 1
    endif

You also need to modify $FWDIR/bin/fwstart. In the following section, replace flowpath with slowpath on the "ipsofwd flowpath" line, which was bolded in the original:

    if ($ipso) then
        # enable flows, if available. Don't need check because it is already checked!
        ipsofwd flowpath
        (cd $FW_BOOT_DIR/modules ; modload -v -A $KERNEL_IS -e fw1_init -p fw.mkdev -o fwmod fwmod.o)
        if ($status) then
            echo "FW-1: modload failed"
            exit 1
        endif
        putlic -k

FireWall-1 must be restarted for this change to take effect.
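
The two edits above can also be scripted so that only the mode-setting lines change and a backup of each file is kept. This is an added example, not part of the original note and not Check Point or Nokia code; the function names are hypothetical, and it assumes a POSIX sh with sed and grep and that $FWDIR is set:

```sh
#!/bin/sh
# Added example (constructed helper, not vendor code).
# Switches the forwarding mode set by FireWall-1 startup from flowpath to
# slowpath in the two files named on this page, editing only the lines
# that set the mode. The available_modes check and comments are untouched.

# disable_flows_in FILE PREFIX
#   Rewrites "PREFIX flowpath" to "PREFIX slowpath" in FILE.
#   Keeps the first pre-edit copy as FILE.orig.
#   Returns 1 if the expected line is absent (other release, or already edited).
disable_flows_in() {
    file=$1
    prefix=$2
    gap='[[:space:]][[:space:]]*'

    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    grep -q -e "${prefix}${gap}flowpath" "$file" || {
        echo "no '$prefix flowpath' line in $file" >&2
        return 1
    }

    # Back up once; never overwrite an existing backup with edited content.
    [ -f "$file.orig" ] || cp -p "$file" "$file.orig" || return 2

    tmp="$file.tmp.$$"
    sed "s/\(${prefix}\)\(${gap}\)flowpath/\1\2slowpath/" "$file" > "$tmp" ||
        { rm -f "$tmp"; return 2; }
    # Write back in place so the file keeps its owner and mode (fwstart is executable).
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"

    # Verify: the mode-setting line must no longer request flowpath.
    ! grep -q -e "${prefix}${gap}flowpath" "$file"
}

# Apply the change to both files described on this page.
disable_flows() {
    : "${FWDIR:?FWDIR is not set}"
    disable_flows_in "$FWDIR/etc/rc/rc.fwload" 'ipsctl -w net:ip:forward:switch_mode' &&
        disable_flows_in "$FWDIR/bin/fwstart" 'ipsofwd'
}

# Run only when asked to, e.g.: sh disable_flows.sh --apply
if [ "${1:-}" = "--apply" ]; then
    disable_flows
fi
```

To revert, copy each .orig file back over the edited file and restart FireWall-1.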

 

Added 13TH FEB 03