From: "Valeri Galtsev"
To: "Odhiambo Washington"
Cc: User Questions, Shane Ambler
Reply-To: galtsev@kicp.uchicago.edu
Date: Wed, 21 Jan 2015 17:32:34 -0600 (CST)
Subject: Re: IPFilter & FreeBSD-10.1

On Wed, January 21, 2015 3:29 am, Odhiambo Washington wrote:
> Hi Shane,
>
> Where is the new syntax documented? Or I just have to 'man ipf'? I'd love
> to see a web discussion about it, which I obviously missed.
>
> Is there a sort of rule converter? :-)
>
> Thank you for mentioning this syntax thing.
> Must be the one that was biting
> me on 10.1
>
> On 21 January 2015 at 12:24, Shane Ambler wrote:
>
>> On 21/01/2015 16:15, Odhiambo Washington wrote:
>>
>>> Hi Ben,
>>>
>>> Thanks for this. I actually read this bit of it having been updated to
>>> version 5.1.2 in FreeBSD 10.0.
>>>
>>> However, my problem emanated from the fact that rules that I use on
>>> FreeBSD-8.4/9.3 simply could not work on 10.1
>>>
>>> I simply carried the rules over, and did not compile a custom kernel on
>>> 10.1. I was believing that the module will be automatically loaded and
>>> rules would work. They didn't! Only 'ipf -D' would let connections to be
>>> made from LAN PCs to my gateway PC..
>>>
>>> I read a post in which someone had to copy the sources from 9.x to 10.x and
>>> recompile in order to get it to work with the rules from 9.x
>>
>> The update from 4.1.28->5.1.2 may include changes that require
>> adjusting old rules to the new syntax.
>>
>> While going back to an older version can get your old settings to work
>> again it also removes any security fixes from the update. Updating your
>> ruleset would be a better solution.
>>
>> --
>> FreeBSD - the place to B...Software Developing
>>
>> Shane Ambler
>>

I wonder if anyone knows URL of official website of ipfilter. Both project info on sourceforge (http://sourceforge.net/projects/ipfilter/) and wikipedia page (https://en.wikipedia.org/wiki/IPFilter) point at the place which apparently doesn't exist so you end up getting just front page of the university: http://asiapacific.anu.edu.au/ ...

One does want to read the documentation to be able to keep using ipfilter on FreeBSD 10.x (as one did on FreeBSD 9.x in the past). And with syntax changed, one does have to read Documentation (and here brilliant FreeBSD documentation seems to be outdated...)

Thanks a lot for your answers!

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++