Date: 27 Jul 2002 14:43:35 -0400 From: Dan Pelleg <daniel+bsd@pelleg.org> To: Luigi Rizzo <luigi@freebsd.org> Cc: ipfw@freebsd.org Subject: Re: HEADS-UP ipfw now in -stable (as an optional replacement of the old ipfw) Message-ID: <u2sit31royw.fsf@gs166.sp.cs.cmu.edu> In-Reply-To: <20020723202849.A82296@iguana.icir.org> References: <20020723202849.A82296@iguana.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Luigi Rizzo <luigi@freebsd.org> writes: > FYI.... > > (please read the commit log below before complaining). > > cheers > luigi > > From: Luigi Rizzo <luigi@FreeBSD.ORG> > Subject: cvs commit: src/sys/netinet ip_fw2.c ip_fw2.h src/sys/conf files > options src/sbin/ipfw Makefile ipfw2.c src/lib/libalias Makefile > alias_db.c > To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG > Date: Tue, 23 Jul 2002 20:21:24 -0700 (PDT) > > > luigi 2002/07/23 20:21:24 PDT > > Modified files: (Branch: RELENG_4) > sys/conf options files > sbin/ipfw Makefile > lib/libalias Makefile alias_db.c > Added files: (Branch: RELENG_4) > sys/netinet ip_fw2.h ip_fw2.c > sbin/ipfw ipfw2.c > Log: > Bring ipfw2 into the -stable tree. This will give more people a > chance to test it, and hopefully accelerate the transition from the > old to the new ipfw code. > > NOTE: THIS COMMIT WILL NOT CHANGE THE FIREWALL YOU USE, > NOR A SINGLE BIT IN YOUR KERNEL AND BINARIES. > YOU WILL KEEP USING YOUR OLD "ipfw" UNLESS YOU: > > + add "options IPFW2" (undocumented) to your kernel config file; > > + compile and install sbin/ipfw and lib/libalias with > make -DIPFW2 > > in other words, you must really want it. > I need some help here. Does this mean: 1. change kernel config to include IPFW2 2. buildworld, buildkernel, installkernel, installworld 3. cd to /usr/src/sbin/ipfw and make -DIPFW2 ; make -DIPFW2 install 4. cd to /usr/src/lib/libalias and make -DIPFW2 ; make -DIPFW2 install I got it to work that way but I have doubts since it won't work when the build machine is not the same one as the installed machine. Also, as others suggested, it would be nice to have a way to detect if IPFW2 is in the running kernel and what flavor the installed ipfw(8) is. Currently, it's just too easy to mismatch kernel and userland and end up with a kernel that's defaulting to deny and no userland tool to add any rules to it. I just got that on a machine that installs its world and kernel over NFS - ouch. -- Dan Pelleg To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?u2sit31royw.fsf>