Date: Mon, 26 Feb 1996 10:31:33 -0500
From: "Frank E. Terhaar-Yonkers" <fty@mcnc.org>
To: stable@FreeBSD.ORG
Subject: Re: -stable hangs at boot (fwd)
Message-ID: <199602261531.KAA11962@robin.mcnc.org.mcnc.org>

Having IPACCT defined also breaks -stable. And no, I don't know WHY I had this
defined, but it turns on some of the ip_fw code in ip_input.c resulting in a
link error trying to find ip_fw_init.

- Frank

>To: michael butler <imb@scgt.oz.au>
>cc: stable@FreeBSD.ORG, current@FreeBSD.ORG
>Subject: Re: -stable hangs at boot (fwd)
>Date: Mon, 26 Feb 1996 14:26:23 +0100
>From: Poul-Henning Kamp <phk@critter.tfs.com>
>
>> If you ^C your way to a shell prompt, there's a single rule that's in the
>> firewall list saying "deny all from any to any". Courtesy of the same recent
>> brain-damage in ipfw(8), you can't delete this rule either ("setsockopt
>> failed").
>
>If you call this "brain-damage" then you quite clearly don't need IPFW.
>
>> I suspect the very same problem in -current.
>>
>> The only workaround I can think of is to add "ipfw addf accept .."
>> statements _prior_ to the running of ifconfig in netstart .. theory as yet
>> untested ..
>
>This is all correct, designed that way, and it is the way it should work,
>according to all material I have on the subject.
>
>If you have IPFW in your kernel, you don't want it to pass any packets
>you haven't approved in your filters.
>
>QED: Set up your filters before anything gets passed.
>
>Wrt to the rule #65535 "deny all from any to any", then you are correct,
>you cannot delete it. It represents the default policy of "anything not
>specifically allowed, is banned."
>
>If you want to have another policy, then you must define rules that
>implement that policy, "65000 allow all from any to any" sounds like the
>policy for your needs.
>
>If you want to dispute this design, then please find at least one textbook
>or capacity in the area who agree with you first, that will save a lot of
>my time.
>
>--
>Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
>http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
>whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
>Future will arrive by its own means, progress not so.
>

\\\\////\\\\////\\\\\////\\\\\////\\\\////\\\\////\\\\////\\\\////\\\\////\\\\
Frank Terhaar-Yonkers, Manager
High Performance Computing and Communications Research
MCNC
PO Box 12889  3021 Cornwallis Road
Research Triangle Park, North Carolina  27709-2889
fty@mcnc.org  voice (919)248-1417  FAX (919)248-1455
http://www.mcnc.org/hpcc.html