From owner-freebsd-ipfw@FreeBSD.ORG  Fri Nov 12 08:47:50 2004
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B6C1516A4CE
	for <freebsd-ipfw@freebsd.org>; Fri, 12 Nov 2004 08:47:50 +0000 (GMT)
Received: from mailhost.wsf.at (server202.serveroffice.com [217.196.72.202])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2ADA443D3F
	for <freebsd-ipfw@freebsd.org>; Fri, 12 Nov 2004 08:47:49 +0000 (GMT)
	(envelope-from tw@wsf.at)
Received: from mailhost.wsf.at (root@localhost)iAC8ht9e000244
	for <freebsd-ipfw@freebsd.org>; Fri, 12 Nov 2004 09:43:55 +0100 (CET)
	(envelope-from tw@wsf.at)
Received: from mailhost.wsf.at (http.wsf.at [217.196.72.203])
	iAC8hsdn000231;	Fri, 12 Nov 2004 09:43:55 +0100 (CET)
	(envelope-from tw@wsf.at)
Date: Fri, 12 Nov 2004 08:43:54 -0000
To: David Roberts <dtrobert@pacbell.net>, freebsd-ipfw@freebsd.org
From: Thomas Wolf <tw@wsf.at>
X-Mailer: twiggi 1.10.3
Message-ID: <20041112094354.fqa1koqnuxkc88@.mailhost.wsf.at>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Re: upgrading from 5.2.1 to 5.3 broke my ipfw
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: tw@wsf.at
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Nov 2004 08:47:50 -0000


David Roberts <dtrobert@pacbell.net> schrieb:

> Hi,
>  I have been using ipfw for some time now and recently upgraded from 5.2.1
> to 5.3. My firewall immediately started blocking me even from pinging
> localhost.  
> 
> I also noted an error around an ipfw log entry I had and commented it out. 
> I checked online and saw an IPFIREWALL_DEFAULT_TO_ACCEPT and figured I'd
> give it a try since I was always frustrated that flushing my rules would
> bump me off. I rebuilt the kernel and now I have the opposite problem,
> eveything is allowed no matter what my rules say. 

Are you 100% sure that your kernel and userland are in sync?
I am pretty sure that ignoring every rule and just applying 
the default rule points to the userland part of ipfw not 
corresponding to the kernel part.

Thomas

--
Thomas Wolf
Wiener Software Fabrik
Dubas u. Wolf GMBH
1050 Wien, Mittersteig 4