From owner-freebsd-current  Sat Dec 14 14:12:54 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 637AA37B401; Sat, 14 Dec 2002 14:12:53 -0800 (PST)
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 210F843ED1; Sat, 14 Dec 2002 14:12:53 -0800 (PST)
	(envelope-from mux@freebsd.org)
Received: by elvis.mu.org (Postfix, from userid 1920)
	id E227FAE160; Sat, 14 Dec 2002 14:12:52 -0800 (PST)
Date: Sat, 14 Dec 2002 14:12:52 -0800
From: Maxime Henrion <mux@freebsd.org>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: David O'Brien <obrien@FreeBSD.ORG>, current@FreeBSD.ORG
Subject: Re: ipfw userland breaks again.
Message-ID: <20021214221252.GF27086@elvis.mu.org>
References: <200212142025.aa99706@salmon.maths.tcd.ie> <200212142038.gBEKcDVv029924@apollo.backplane.com> <20021214204426.GA62058@dragon.nuxi.com> <200212142209.gBEM9D8p002479@apollo.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200212142209.gBEM9D8p002479@apollo.backplane.com>
User-Agent: Mutt/1.4i
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

Matthew Dillon wrote:
> 
> :
> :On Sat, Dec 14, 2002 at 12:38:13PM -0800, Matthew Dillon wrote:
> :>     then, as usual, IPFW with the new kernel and
> :>     old world fails utterly and now the fragging machine can't access the
> :
> :Hear hear!!  I am >< tempted to have /sbin/ipfw moved to src/sys.
> 
>     How about something like this (patch enclosed).  If there are no
>     objections I will commit it along with a documentation update, and
>     maybe also add some RC code give the sysad a chance to ipfw unbreak if
>     ipfw otherwise fails during the boot sequence.

I have a patch here which makes the IPFIREWALL_DEFAULT_TO_ACCEPT tunable
at module load time using a kernel environment variable.  Looks to me
that it would do what you want.

Maxime

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message