Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 19 Aug 2004 12:52:30 -0400
From:      John Baldwin <jhb@FreeBSD.org>
To:        freebsd-current@FreeBSD.org
Cc:        current@FreeBSD.org
Subject:   Re: RELENG_5 kernel b0rken with IPFIREWALL and without PFIL_HOOKS
Message-ID:  <200408191252.30593.jhb@FreeBSD.org>
In-Reply-To: <4124D2F0.8050000@theatre.msu.edu>
References:  <20040819154334.GA23926@pit.databus.com> <20040819161315.GB29937@pit.databus.com> <4124D2F0.8050000@theatre.msu.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 19 August 2004 12:18 pm, Jonathan T. Sage wrote:
> Barney Wolff wrote:
> > Sure, invoking ipfw directly works fine when ipfw's compiled into the
> > kernel, as does dotting /etc/rc.firewall.  But /etc/rc.d/ipfw is what's
> > run at boot time, and that would seem, at least as I read it, to require
> > that ipfw be a module, not compiled in.
>
> no, it dosn't, kinda.
>
>          if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
>
> if the sysctl item net.inet.ip.fw.enable does NOT exist, then try and
> load the module.  otherwise, return 0 (all ok)
>
>                  if ! kldload ipfw; then
>                          warn unable to load firewall module.
>                          return 1
>                  fi
>          fi
>
> it is failing because the net.inet.ip.fw.enable sysctl was removed.  the
> script needs to be updated to rely on one of the still existing sysctls.
>   as of right now, with no edits, the script cannot complete succesfully
> unless ipfw is left as a module.  No doubt this will be fixed shortly.

Does it work ok if you change it to be 'net.inet.ip.fw'?

-- 
John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408191252.30593.jhb>