Date:      Sun, 13 Jul 2003 13:31:07 +0100 (BST)
From:      "Matt" <matt@xtaz.co.uk>
To:        luigi@FreeBSD.org
Cc:        current@freebsd.org
Subject:   Re: IPFW and/or rc rule parsing not working since today's cvsup
Message-ID:  <49205.192.168.1.10.1058099467.squirrel@webmail.xtaz.co.uk>
In-Reply-To: <49176.192.168.1.10.1058098656.squirrel@webmail.xtaz.co.uk>
References:  <49176.192.168.1.10.1058098656.squirrel@webmail.xtaz.co.uk>

Matt said:
> I normally sync to current once a week and have just done it today:
>
> FreeBSD tao.xtaz.co.uk 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Sun Jul 13
> 12:24:40 BST 2003     root@shakira.xtaz.co.uk:/usr/obj/usr/src/sys/TAO
> i386
>
> The problem is though that it looks like IPFW or RC has changed how it
> works. I'm not sure if this is intentional or not though. If it is
> intentional then I think it is a violation of POLA.
>
> The problem I have is this. In rc.conf I have the following:
>
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="/etc/ipfw.conf"
>
> And in /etc/ipfw.conf I have sets of rules one line at a time like:
>
> add 00010 divert natd all from any to any via xl0
> add 00120 allow tcp from any to any 80 via xl0
>
> etc.
>
> This has always worked for me ever since I first started using ipfw on
> fbsd 4.1 and has always worked on current until today's cvsup. Now though
> no rules get loaded.
>
> If I try what I have always done in the past which is ipfw -q flush &&
> ipfw /etc/ipfw.conf then it tells me:
>
> usage: ipfw [options]
> do "ipfw -h" or see ipfw manpage for details
>
> Whereas before this week this worked perfectly. The /etc/rc.firewall still
> says that you can set a filename for the firewall_type so I assume this
> should still work as in fact just broken rather than a POLA.
>
> I definitely mergemaster'd everything that had changed properly. In fact I
> have even just run it again in case I missed something and everything is
> up to date.
>
> Any comments?
>
> Regards, Matt.
>
> --
> email: matt@xtaz.co.uk - web: http://xtaz.co.uk/
> Hardware, n.: The parts of a computer system that can be kicked.

I have noticed that there have been a large number of ipfw commits this
week in the cvs logs and so I believe this could be related. I am
therefore emailing this direct to luigi as hopefully he can help :)

-- 
email: matt@xtaz.co.uk - web: http://xtaz.co.uk/
Hardware, n.: The parts of a computer system that can be kicked.


