From owner-cvs-src@FreeBSD.ORG Thu Aug 19 16:47:31 2004 Return-Path: Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5941C16A4CE; Thu, 19 Aug 2004 16:47:31 +0000 (GMT) Received: from www.cryptography.com (li-22.members.linode.com [64.5.53.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id D99F343D48; Thu, 19 Aug 2004 16:47:30 +0000 (GMT) (envelope-from nate@root.org) Received: from [10.0.0.34] (adsl-67-127-84-57.dsl.snfc21.pacbell.net [67.127.84.57]) by www.cryptography.com (8.12.8/8.12.8) with ESMTP id i7JGlR8U010283; Thu, 19 Aug 2004 09:47:27 -0700 Message-ID: <4124D99F.7010306@root.org> Date: Thu, 19 Aug 2004 09:47:27 -0700 From: Nate Lawson User-Agent: Mozilla Thunderbird 0.7 (X11/20040702) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Andre Oppermann References: <200408172205.i7HM5sDs087606@repoman.freebsd.org> <20040819030854.GM99521@freebsd3.cimlogic.com.au> <41242606.6070604@root.org> <41247C7A.B21E7660@freebsd.org> In-Reply-To: <41247C7A.B21E7660@freebsd.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: cvs-src@freebsd.org cc: src-committers@freebsd.org cc: cvs-all@freebsd.org cc: John Birrell Subject: Re: cvs commit: src/sys/conf files options src/sys/modules/ipfw Makefilesrc/sys/net bridge.c src/sys/netgraph ng_bridge.c src/sys/netinet ip_fw_pfil.c ip_input.cip_output.c ... X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Aug 2004 16:47:31 -0000 Andre Oppermann wrote: > Nate Lawson wrote: > >>John Birrell wrote: >> >>>On Tue, Aug 17, 2004 at 10:05:54PM +0000, Andre Oppermann wrote: >>> >>> >>>>andre 2004-08-17 22:05:54 UTC >>>> >>>> FreeBSD src repository >>>> >>>> Modified files: >>>> sys/conf files options >>>> sys/modules/ipfw Makefile >>>> sys/net bridge.c >>>> sys/netgraph ng_bridge.c >>>> sys/netinet ip_divert.c ip_dummynet.c ip_dummynet.h >>>> ip_fastfwd.c ip_fw.h ip_fw2.c ip_input.c >>>> ip_output.c ip_var.h raw_ip.c tcp_input.c >>>> tcp_sack.c >>>> sys/sys mbuf.h >>>> Added files: >>>> sys/netinet ip_fw_pfil.c >>> >>> >>>A kernel config file which includes IPFIREWALL, but not PFIL_HOOKS will >>>not link (for obvious reasons). >>> >>>Also, the script /etc/rc.d/ipfw tests the 'enable' sysctl which is removed >>>by this commit. The result is that if a kernel is booted with ipfw built >>>in, the /etc/rc.d/ipfw script tries to load the ipfw module. The module >>>load fails (for obvious reasons), causing the ipfw initialisation to fail >>>leaving the firewall in the deny-everything mode regardless of what is >>>configured in /etc/rc.conf. >>> >>>This is an issue for 5.3. [ I assume re@ are reading this list ] >> >>I've been bitten by both. Actually, ipfw.ko won't load into a kernel >>built without PFIL_HOOKS. The duplicate load attempt also happens to me. > > > I'm looking into this and will have a fix later today. Thanks, Andre. -Nate