Date: Mon, 16 Dec 2002 19:32:14 +0200 From: Ruslan Ermilov <ru@FreeBSD.ORG> To: Nik Clayton <nik@FreeBSD.ORG> Cc: Matthew Dillon <dillon@apollo.backplane.com>, "M. Warner Losh" <imp@bsdimp.com>, sam@errno.com, mux@FreeBSD.ORG, obrien@FreeBSD.ORG, current@FreeBSD.ORG Subject: Re: ipfw userland breaks again. Message-ID: <20021216173214.GA34320@sunbay.com> In-Reply-To: <20021215204723.GE2816@clan.nothing-going-on.org> References: <200212150015.gBF0FlbS066547@apollo.backplane.com> <20021215.111441.05985858.imp@bsdimp.com> <200212151826.gBFIQMpo081407@apollo.backplane.com> <20021215.115657.90648628.imp@bsdimp.com> <200212151908.gBFJ811I081774@apollo.backplane.com> <20021215204723.GE2816@clan.nothing-going-on.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Dxnq1zWXvFF0Q93v
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Dec 15, 2002 at 08:47:23PM +0000, Nik Clayton wrote:
> On Sun, Dec 15, 2002 at 11:08:01AM -0800, Matthew Dillon wrote:
> >=20
> > :
> > :: This is complete BULLSHIT, Warner. =20
> > :
> > :Your attitude it totally unacceptible. Learn to play well with
> > :others, or get the fuck out of the project.
> >=20
> > Really? You think I should learn to play well with others? You
> > think it's appropriate to request that I spend a man week rewriting
> > an API? You really do? You think it's appropriate to bring up a=
=20
> > bogus security issue when its obvious that no security issue exist=
s,
> > abusing your power in that manner is playing well with others? Th=
is
> > is Warner of core?
>=20
> I think it's more appropriate if you put=20
>=20
> options IPFIREWALL_DEFAULT_TO_ACCEPT
>=20
> on any boxes where you're running test code. That's much more
> acceptable than committing a kludge with a poor choice of name after
> minimal discussion when efforts would be better spent working on other
> rough edges in the run up to 5-release.
>=20
There were times, even within RELENG_4 lifecycle, when IPFW ABI
was broken, making it really hard to remotely upgrade IPFW boxes,
as we're required to boot with the new kernel before doing an
installworld. It once costed me about 12 hours of downtime of
our Australian production box.
This is from the -STABLE's UPDATING:
20010109:
ipfw interface changed. Make sure that the userland and kernel mat=
ch
or you won't have the firewall rules you think you do.
19990620:
IPFW uid/gid-based filtering support has been committed. This
breaks binary compatibility with previous copies of
ipfw(8). Any utilities using the ioctl()s of ipfw (especially
ipfw(8)) need to be recompiled with the newest headers
installed.
19980725:
The ipfw interface to the kernel has changed. You will need to
recompile ipfw programs for the new kernel.
Cheers,
--=20
Ruslan Ermilov Sysadmin and DBA,
ru@sunbay.com Sunbay Software AG,
ru@FreeBSD.org FreeBSD committer,
+380.652.512.251 Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
--Dxnq1zWXvFF0Q93v
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE9/g4eUkv4P6juNwoRAoKXAJ9h5UGCUkNmBnAiU1AeOt9kVzccXgCfQI7i
NLjjrU5ANa8FH2FjnJ8UIsk=
=iD7Z
-----END PGP SIGNATURE-----
--Dxnq1zWXvFF0Q93v--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021216173214.GA34320>