From owner-freebsd-stable@FreeBSD.ORG Fri Feb 17 21:17:53 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2728A16A420 for ; Fri, 17 Feb 2006 21:17:53 +0000 (GMT) (envelope-from bsam@ipt.ru) Received: from mail.ipt.ru (mail.ipt.ru [80.253.10.82]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9FC7D43D7E for ; Fri, 17 Feb 2006 21:17:47 +0000 (GMT) (envelope-from bsam@ipt.ru) Received: from admin.sem.ipt.ru ([192.168.12.1] helo=srv.sem.ipt.ru) by mail.ipt.ru with esmtp (Exim 4.54 (FreeBSD)) id 1FACz3-0000gn-8y; Sat, 18 Feb 2006 00:17:45 +0300 Received: from bsam by srv.sem.ipt.ru with local (Exim 4.60 (FreeBSD)) (envelope-from ) id 1FACxO-0003GK-18; Sat, 18 Feb 2006 00:16:02 +0300 To: "Rick Helmus" References: From: Boris Samorodov Date: Sat, 18 Feb 2006 00:16:02 +0300 In-Reply-To: (Rick Helmus's message of "Fri, 17 Feb 2006 21:00:33 +0000") Message-ID: <84894541@srv.sem.ipt.ru> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: freebsd-stable@freebsd.org Subject: Re: Ignoring firewall startup scripts X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Feb 2006 21:17:53 -0000 On Fri, 17 Feb 2006 21:00:33 +0000 Rick Helmus wrote: > Hello all, > Today I upgraded to stable 6.1. Everything went successfull, however when I > booted I found out that I lost internet. Just a wild guess (you didn't mention it): did you use mergemaster? You didn't say how long was your jump, from which version did you upgrade? /usr/src/UPDATING gives us more than one way to upgrade. Which way did you follow? > I have the following IPFW options in my kernel: > options IPFIREWALL > options IPDIVERT > options IPFIREWALL_FORWARD > rc.conf: > hostname="Rick-FBSD.lan" > ifconfig_rl0="DHCP" > ipv6_enable="NO" > linux_enable="YES" > gateway_enable="YES" > firewall_enable="YES" > firewall_script="/etc/rc.firewall" > firewall_type="open" > #ipv6_firewall_enable="YES" > #ipv6_firewall_type="OPEN" > natd_enable="YES" > natd_interface="rl0" > natd_flags="" > moused_enable="NO" > moused_type="NO" > saver="daemon" > usbd_enable="YES" > #samba_enable="YES" > #cupsd_enable="YES" > vpnbridge_enable="NO" > #allscreens_flags="MODE_280" > After typing 'ipfw list' I found out there was onlyone rule (65535) was > about blocking anything. This is the default afaik. Before upgrading I had > some other rules too (simply using the "open" IPFW firewall type from > rc.firewall). > So I'm assuming the ipfw scripts aren't called anymore? > I modified the kernel to allow anything by default so I got inet again, but > if anyone know a better solution... :) WBR -- Boris B. Samorodov, Research Engineer InPharmTech Co, http://www.ipt.ru Telephone & Internet Service Provider