From owner-freebsd-questions@FreeBSD.ORG Wed Jan 21 09:30:03 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 506D22D0 for ; Wed, 21 Jan 2015 09:30:03 +0000 (UTC) Received: from mail-lb0-x234.google.com (mail-lb0-x234.google.com [IPv6:2a00:1450:4010:c04::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C2EC8144 for ; Wed, 21 Jan 2015 09:30:02 +0000 (UTC) Received: by mail-lb0-f180.google.com with SMTP id b6so12613638lbj.11 for ; Wed, 21 Jan 2015 01:30:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=iRVs/pxX6sq7yxWTtSGsYJiEIymyCMryHn9e9sFnbuk=; b=vI/aafvwFiN4/1NQX8vJRfbfxLtFQRSlif96QPwY7VtJdi209Wkeo2FdQE1x7XROt5 ofZ0omiWx3Iusj8Wfg0q7afkZFscijqiILXa+Daj3Nvcb+PZsu1qWOslEmFdVLRLI+sw ub4CP4WVP4ZDZpPVw+08Ajs4IDGuDVXtrsfHBns7h8DtI8QxiNpQ3nNylykiz9K01kYq wCm4l1RxHOLuy/Smwcsz3GZStzFpsjD49zIlHULa7tDstZa7R/yEi6OhRMXLOqTHF8UW yM4Acprk+S5LgxAzGbfyykxz9ZUNmL+I5mekpYz4+qis5QmZ9uMaFHwcUMhz0oSEz2rB YtGQ== X-Received: by 10.152.25.129 with SMTP id c1mr43606824lag.65.1421832600860; Wed, 21 Jan 2015 01:30:00 -0800 (PST) MIME-Version: 1.0 Received: by 10.112.20.229 with HTTP; Wed, 21 Jan 2015 01:29:20 -0800 (PST) In-Reply-To: <54BF7050.90605@ShaneWare.Biz> References: <54BF7050.90605@ShaneWare.Biz> From: Odhiambo Washington Date: Wed, 21 Jan 2015 12:29:20 +0300 Message-ID: Subject: Re: IPFilter & FreeBSD-10.1 To: Shane Ambler Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: User Questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2015 09:30:03 -0000 Hi Shane, Where is the new syntax documented? Or I just have to 'man ipf'? I'd love to see a web discussion about it, which I obviously missed. Is there a sort of rule converter? :-) Thank you for mentioning this syntax thing. Must be the one that was biting me on 10.1 On 21 January 2015 at 12:24, Shane Ambler wrote: > On 21/01/2015 16:15, Odhiambo Washington wrote: > >> Hi Ben, >> >> Thanks for this. I actually read this bit of it having been updated to >> version 5.1.2 in FreeBSD 10.0. >> >> However, my problem emanated from the fact that rules that I use on >> FreeBSD-8.4/9.3 simply could not work on 10.1 >> >> I simply carried the rules over, and did not compile a custom kernel on >> 10.1. I was believing that the module will be automatically loaded and >> rules would work. They didn't! Only 'ipf -D' would let connections to be >> made from LAN PCs to my gateway PC.. >> > > I read a post in which someone had to copy the sources from 9.x to 10.x >> and >> recompile in order to get it to work with the rules from 9.x >> > > The update from 4.1.28->5.1.2 may include changes that requires > adjusting old rules to the new syntax. > > While going back to an older version can get your old settings to work > again it also removes any security fixes from the update. Updating your > ruleset would be a better solution. > > > -- > FreeBSD - the place to B...Software Developing > > Shane Ambler > > -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."