From: Irwan Hadi
To: Matthew Dillon
Cc: Irwan Hadi, Jeff Jirsa, freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Date: Tue, 28 May 2002 15:53:51 -0600
Subject: Re: Server won't boot after recompile the kernel with ipfw support

On Tue, May 28, 2002 at 03:37:20PM -0600, Matthew Dillon wrote:
> Oh, I forgot to mention. A very common mistake when upgrading a system
> is to install a new kernel without installing a new world, or to install
> a new world without installing a new kernel.
>
> This can create a situation where the machine is unable to add any firewall
> rules, resulting in the network being permanently disabled. This occurs
> when the kernel structures used by the 'ipfw' binary are incompatible
> with the structures the running kernel expects.
>
> It is very important when upgrading a machine to install both a new kernel
> AND A new world before rebooting. Alternatively if you compile a custom
> kernel and set the IPFIREWALL_DEFAULT_TO_ACCEPT option in addition to
> the IPFIREWALL option, then at least the kernel will boot into a default
> state that allows the network to work, even if the ipfw binary is broken.

Thanks for the tips.
By the way, I've got one question: why are the firewall features not bundled
in the default FreeBSD installation? It seems the firewall features in
FreeBSD look like an "easter egg", since they are not defined in
/usr/src/sys/i386/conf/GENERIC, but only on the FreeBSD homepage?

Thanks

>
> -Matt