From owner-freebsd-stable Tue Dec 2 12:36:34 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id MAA01232 for stable-outgoing; Tue, 2 Dec 1997 12:36:34 -0800 (PST) (envelope-from owner-freebsd-stable) Received: from mail.san.rr.com (ns.san.rr.com [204.210.0.1]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA01224 for ; Tue, 2 Dec 1997 12:36:31 -0800 (PST) (envelope-from Studded@dal.net) Received: from dal.net (dt051n19.san.rr.com [204.210.32.25]) by mail.san.rr.com (8.8.7/8.8.7) with ESMTP id MAA10856; Tue, 2 Dec 1997 12:36:58 -0800 (PST) Message-ID: <34847131.F91E29D8@dal.net> Date: Tue, 02 Dec 1997 12:36:01 -0800 From: Studded X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 2.2.5-11-30-STABLE i386) MIME-Version: 1.0 To: Dan Jacobowitz CC: freebsd-stable@freebsd.org Subject: Re: ipfw between kernel versions References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Dan Jacobowitz wrote: > > I just attempted to upgrade a 2.2.2 machine to 2.2.5 kernel, and I ran > into a little problem. As near as I have been able to tell, the ipfw > ioctl's changed between the two, causing ipfw to fail and not put in place > the allow all rules needed to counter the default policy - thus no > network. > > Is my interpretation of this correct? Yes. > Should I just install 2.2.5 ipfw? No. > (I'm going to make installworld after I get the kernel in, but based on > past experience I want to do those two seperately.) > > Will the 2.2.5 ipfw work with a 2.2.2 kernel at all? No. I'm not sure what past experience you've had, but everything I've ever read, in addition to vast experience indicates that your best course of action is to make the world, build and install a new kernel, then reboot. In fact, due to the changes in ipfw I highly recommend doing make -DCLOBBER world (in addition to whatever you usually use, -DNOPROFILE is common) because it's possible that the old include files are causing problems during make world to 2.2.5. Another point of possible interest, Alex was kind enough to import the option to make the default ipfw rule "allow" instead of "deny" from -Current, which sounds like it might help you. See LINT for the details. Good luck, Doug