From owner-freebsd-questions@freebsd.org Sun May 23 16:42:41 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 421B064B30A for ; Sun, 23 May 2021 16:42:41 +0000 (UTC) (envelope-from lumiwa@dismail.de) Received: from mx1.dismail.de (mx1.dismail.de [78.46.223.134]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mx1.dismail.de", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Fp5jr1GNrz3hfr for ; Sun, 23 May 2021 16:42:39 +0000 (UTC) (envelope-from lumiwa@dismail.de) Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 91b862a4; Sun, 23 May 2021 18:42:37 +0200 (CEST) Received: from smtp1.dismail.de ( [10.240.26.11]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 5aec2466; Sun, 23 May 2021 18:42:37 +0200 (CEST) Received: from smtp1.dismail.de (localhost [127.0.0.1]) by smtp1.dismail.de (OpenSMTPD) with ESMTP id c4b378f1; Sun, 23 May 2021 18:42:37 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id 06a975f6 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Sun, 23 May 2021 18:42:36 +0200 (CEST) Date: Sun, 23 May 2021 12:42:33 -0400 From: LuMiWa To: Valeri Galtsev Cc: FreeBSD Mailing List Subject: Re: After upgrade to 13.0-RELEASE ipfw locks the boxes Message-ID: <20210523124233.0383fb2e@dismail.de> In-Reply-To: <72162DBE-737D-42BA-8010-AA28DA6F2A5F@kicp.uchicago.edu> References: <72162DBE-737D-42BA-8010-AA28DA6F2A5F@kicp.uchicago.edu> X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; amd64-portbld-freebsd13.0) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4Fp5jr1GNrz3hfr X-Spamd-Bar: ----- X-Spamd-Result: default: False [-5.10 / 15.00]; ARC_NA(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[78.46.223.134:from]; R_DKIM_ALLOW(-0.20)[dismail.de:s=20190914]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:78.46.223.134]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; SPAMHAUS_ZRD(0.00)[78.46.223.134:from:127.0.2.255]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[dismail.de:+]; RCPT_COUNT_TWO(0.00)[2]; DWL_DNSWL_LOW(-1.00)[dismail.de:dkim]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[dismail.de,reject]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:24940, ipnet:78.46.0.0/15, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions]; RCVD_IN_DNSWL_LOW(-0.10)[78.46.223.134:from] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 May 2021 16:42:41 -0000 On Sun, 23 May 2021 11:36:47 -0500 Valeri Galtsev wrote: > Dear All, >=20 > as a lazy person, before I start rewriting all my ipfw scripts I > decided to ask somebody=E2=80=99s else wisdom. It is possible that I miss= ed > something I have to do related to ipfw in this particular upgrade: > from 12.2-RELEASE to 13.0-RELEASE >=20 > I have a bunch of boxes that I have rather similar (though not > identical) ipfw scripts on, these were written a while back (around > 8.x-RELEASE), and were just slightly modified on some occasions. None > of previous upgrades 8 =E2=80=94> 9; 9 =E2=80=94> 10,.. 11 =E2=80=94> 12 = led to any problems > as far as ipfw is concerned. I was just rebooting the machine after > kernel upgrade, and after userland upgrade and all pkg > reinstallation, I was testing things as usually, no problem with ipfw. >=20 > After this upgrade: to 13.0-RELEASE, ipfw effectively locks any > remote access to the box (except for ping). My first guess was I just > missed relevant part in release notes (which I must confess I rarely > read carefully), but I don=E2=80=99t find anything special related to ipf= w. >=20 > I hope, someone points me too obvious =E2=80=9Cpilot error=E2=80=9D I mad= e. Before I > start re-creating ipfw scripts, and testing every line in them as did > when I was learning it when first started playing with ipfw. >=20 > Thanks in advance for all your answers. >=20 > Valeri >=20 > ++++++++++++++++++++++++++++++++++++++++ > Valeri Galtsev > Sr System Administrator > Department of Astronomy and Astrophysics > Kavli Institute for Cosmological Physics > University of Chicago > Phone: 773-702-4247 > ++++++++++++++++++++++++++++++++++++++++ > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" My IPFW start making problems too which I didn't have on previous versions. I am not an expert and I just switch to PF 1 hour ago.=20 --=20 =E2=80=9CThinking is difficult, that=E2=80=99s why most people judge.=E2=80= =9D Carl Jung