Date: Mon, 24 May 2021 09:54:24 -0500 (CDT) From: Karl Dunn <kldunn@hiwaay.net> To: freebsd-questions@freebsd.org, Valeri Galtsev <galtsev@kicp.uchicago.edu> Subject: Re: After upgrade to 13.0-RELEASE ipfw locks the boxes Message-ID: <1e9112d7-2b86-568c-86b4-ee44e4cfd6c@illiac.kad-hg.org>
next in thread | raw e-mail | index | archive | help
On 5/23/21 11:36 AM CDT, Valeri Galtsev <galtsev@kicp.uchicago.edu> wrote: Dear All, as a lazy person, before I start rewriting all my ipfw scripts I decided to ask somebody?s else wisdom. It is possible that I mi ssed something I have to do related to ipfw in this particular upgrade: from 12.2-RELEASE to 13.0-RELEASE I have a bunch of boxes that I have rather similar (though not identical) ipfw scripts on, these were written a while back (arou nd 8.x-RELEASE), and were just slightly modified on some occasions. None of previous upgrades 8 ?> 9; 9 ?> 10,.. 11 ?> 12 led to any problems as far as ipfw is concerned. I was just rebooting the machine after kernel upgrade, and after userland upgrade and all pkg reinstallation, I was testing things as usually, no problem with ipfw. After this upgrade: to 13.0-RELEASE, ipfw effectively locks any remote access to the box (except for ping). My first guess was I just missed relevant part in release notes (which I must confess I rarely read carefully), but I don?t find anything special re lated to ipfw. I hope, someone points me too obvious ?pilot error? I made. Before I start re-creating ipfw scripts, and testing every line in t hem as did when I was learning it when first started playing with ipfw. Thanks in advance for all your answers. Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ Valeri: A wild and unlikely guess (because ping works and nothing else does): Interfaces name(s) have changed, e.g. what was em0 is now em1. It might help to post relevant parts (or all) of dmesg, rc.conf and loader.conf, and the (sanitized) ipfw rules. I am on the digest for freebsd-auestions, so I will get your response quicker if you copy me at kdunn@acm.org. -- Karl Dunn kdunn@acm.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1e9112d7-2b86-568c-86b4-ee44e4cfd6c>