Date: Sun, 16 Nov 97 15:09:41 -0800 From: "Studded" <Studded@dal.net> To: "Alex Nash" <nash@Mcs.Net> Cc: "FreeBSD Stable List" <FreeBSD-Stable@FreeBSD.ORG> Subject: Re: Serious problem with ipfw in 11/10 Snap Message-ID: <199711162309.PAA03113@mail.san.rr.com>
next in thread | raw e-mail | index | archive | help
On Sun, 16 Nov 1997 16:05:54 -0600 (CST), Alex Nash wrote: >I think you may have hit the problem right on the head -- all this time I >was assuming that Doug upgraded from a somewhat recent SNAP to an >up-to-the-minute snap, but it looks like that assumption was very wrong. The base system I was using when I did the 11/10 upgrade was 2.2.1 if this makes any difference. Sorry I wasn't clear on that earlier. I was aware of the kernel/userland conflict, and made sure to build a new kernel after the make world completed. I also explained in a previous post that I always delete /usr/obj/* and /usr/src/* before doing a remote upgrade. >I deliberately changed the interface structure so that the new kernel >would reject configuration attempts from the old userland ipfw util -- the >results of which would have been a disaster if went unchecked. That's >why you got the interface error and none of your rules were in effect. In our situation, the rules loaded just fine, but ipfw flush wouldn't delete the 00000 deny all rule. >For future reference, if anyone finds themselves in a similar situation >(that being a new kernel and old userland), you can fix it by: > > 1. Copy /usr/src/sys/netinet/ip_fw.h to /usr/include/netinet > (or make install in /usr/src/include) > 2. cd /usr/src/sbin/ipfw > 3. make && make install > >This will install an updated version of ipfw that will talk to the >new kernel. Hmm.. is it possible that something happened during the make world process that used the old 2.2.1 version of ip_fw.h that was in /usr/include? If so, that would explain why rebuilding the next day with identical -Stable sources solved the problem. Doug *** Proud operator, designer and maintainer of the world's largest *** Internet Relay Chat server. 4,168 clients and still growing. :-) *** Try spider.dal.net on ports 6662-4 (Powered by FreeBSD) *** Part of the DALnet IRC network ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711162309.PAA03113>