Date: Mon, 1 Aug 2016 19:28:33 +1000 (EST)
From: Ian Smith
To: Kevin Oberman
cc: FreeBSD-STABLE Mailing List, freebsd-ipfw@freebsd.org
Subject: Re: Significant missing item in 11.0 release notes
Message-ID: <20160801191550.J29054@sola.nimnet.asn.au>

On Sun, 31 Jul 2016 12:28:06 -0700, Kevin Oberman wrote:
 > This morning I updated my min user system from 10.3-Stable to 11.0-BETA3.
 > In general, things went well, but I had two issues that prevented the
 > network from operating. The first is a lack of documentation in the Release
 > Notes and the second is a driver issue. Since they are in no way related,
 > I'll send the report of the driver issue later.
 >
 > I use ipfw(8) tables in my firewall configuration. Unfortunately, 11.0 has
 > introduced a totally re-worked tables structure. The new structure is
 > awesome and I read about it at the time the changes were being planned and
 > implemented, but had forgotten. As a result the very first line in my
 > configuration, "table 1 flush" was no longer valid and the remainder of the
 > file was ignored.
 >
 > I assumed that I had missed this in the release notes, but I can find no
 > reference to this significant change that simultaneously greatly enhanced
 > ipfw table functionality, but also broke my configuration. While the fix
 > was trivial, if the Release Notes had addressed this, I would not have had
 > the problem in the first place.

I don't see this as a Release Notes issue - though I guess it will be if
it cannot be quickly fixed before 11.0-RELEASE - but as a very serious
and - as far as I know - unreported regression in ipfw(8).

In 18 years I cannot recall any addition of features, or additional
options for existing features, that caused any breakage of existing
rulesets. What on earth could be invalid about "table 1 flush"?

cc'ing ipfw@, which is most likely where this should be discussed ..

cheers, Ian