Date:      Mon, 26 Feb 1996 10:31:33 -0500
From:      "Frank E. Terhaar-Yonkers" <fty@mcnc.org>
To:        stable@FreeBSD.ORG
Subject:   Re: -stable hangs at boot (fwd)
Message-ID:  <199602261531.KAA11962@robin.mcnc.org.mcnc.org>

Having IPACCT defined also breaks -stable.  And no, I don't know WHY
I had this defined, but it turns on some of the ip_fw code in ip_input.c
resulting in a link error trying to find ip_fw_init.

- Frank

 >To: michael butler <imb@scgt.oz.au>
 >cc: stable@FreeBSD.ORG, current@FreeBSD.ORG
 >Subject: Re: -stable hangs at boot (fwd) 
 >Date: Mon, 26 Feb 1996 14:26:23 +0100
 >From: Poul-Henning Kamp <phk@critter.tfs.com>
 >
 >> If you ^C your way to a shell prompt, there's a single rule that's in the
 >> firewall list saying "deny all from any to any". Courtesy of the same recent
 >> brain-damage in ipfw(8), you can't delete this rule either ("setsockopt
 >> failed").
 >
 >If you call this "brain-damage" then you quite clearly don't need IPFW.
 >
 >> I suspect the very same problem in -current.
 >> 
 >> The only workaround I can think of is to add "ipfw addf accept .."
 >> statements _prior_ to the running of ifconfig in netstart .. theory as yet
 >> untested ..
 >
 >This is all correct, designed that way, and it is the way it should work,
 >according to all material I have on the subject.
 >
 >If you have IPFW in your kernel, you don't want it to pass any packets 
 >you haven't approved in your filters.
 >
 >QED:  Set up your filters before anything gets passed.
 >
 >Wrt to the rule #65535 "deny all from any to any", then you are correct,
 >you cannot delete it.  It represents the default policy of "anything not
 >specifically allowed, is banned."
 >
 >If you want to have another policy, then you must define rules that 
 >implement that policy, "65000 allow all from any to any" sounds like the
 >policy for your needs.
 >
 >If you want to dispute this design, then please find at least one textbook
 >or capacity in the area who agrees with you first, that will save a lot of
 >my time.
 >
 >--
 >Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
 >http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
 >whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
 >Future will arrive by its own means, progress not so.
 >

\\\\////\\\\////\\\\\////\\\\\////\\\\////\\\\////\\\\////\\\\////\\\\////\\\\
Frank Terhaar-Yonkers,  Manager
High Performance Computing and Communications Research
MCNC
PO Box 12889	3021 Cornwallis Road
Research Triangle Park,  North Carolina  27709-2889
fty@mcnc.org   voice (919)248-1417   FAX (919)248-1455

http://www.mcnc.org/hpcc.html
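
The default-deny behaviour discussed in the quoted reply, as an added example that is not part of the original message and is not FreeBSD code: a small model of a numbered, first-match rule list with a permanent rule 65535. The `Ruleset` class, its method names, rule 1000 and the addresses are assumptions made for illustration.

```python
import ipaddress

DEFAULT_RULE = 65535  # rule number quoted in the thread
ANY = "0.0.0.0/0"


class Ruleset:
    """Toy model of a numbered, first-match packet filter (hypothetical, not ipfw source)."""

    def __init__(self):
        # The default policy is always present: deny all from any to any.
        self.rules = {DEFAULT_RULE: ("deny", ANY, ANY)}

    def add(self, number, action, src, dst):
        if not 0 < number < DEFAULT_RULE:
            raise ValueError("rule number must be below the default rule")
        self.rules[number] = (action, src, dst)

    def delete(self, number):
        if number == DEFAULT_RULE:
            raise PermissionError("default rule cannot be deleted")
        del self.rules[number]

    def check(self, src, dst):
        """Return (rule number, action) of the lowest-numbered matching rule."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for number in sorted(self.rules):
            action, rsrc, rdst = self.rules[number]
            if s in ipaddress.ip_network(rsrc) and d in ipaddress.ip_network(rdst):
                return number, action
        raise AssertionError("unreachable: the default rule matches everything")


def demo():
    fw = Ruleset()
    inside = ("192.0.2.10", "198.51.100.1")    # constructed documentation addresses
    outside = ("203.0.113.5", "198.51.100.1")  # constructed documentation addresses
    at_boot = fw.check(*inside)                # only the default rule exists
    fw.add(1000, "allow", "192.0.2.0/24", ANY)
    filtered = (fw.check(*inside), fw.check(*outside))
    fw.add(65000, "allow", ANY, ANY)           # the open policy named in the reply
    opened = fw.check(*outside)
    return at_boot, filtered, opened


if __name__ == "__main__":
    print(demo())
```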


