Date: Tue, 28 May 2002 15:53:51 -0600 From: Irwan Hadi <irwanhadi@phxby.com> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: Irwan Hadi <irwanhadi@phxby.com>, Jeff Jirsa <jeff@boris.st.hmc.edu>, freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG Subject: Re: Server won't boot after recompile the kernel with ipfw support Message-ID: <20020528155351.B26334@phxby.com> In-Reply-To: <200205282137.g4SLbrun025037@apollo.backplane.com>; from dillon@apollo.backplane.com on Tue, May 28, 2002 at 03:37:20PM -0600 References: <20020528142640.A22370@phxby.com> <20020528133316.S16405-100000@boris.st.hmc.edu> <20020528150941.A24676@phxby.com> <200205282131.g4SLVmYZ024980@apollo.backplane.com> <200205282137.g4SLbrun025037@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, May 28, 2002 at 03:37:20PM -0600, Matthew Dillon wrote: > Oh, I forgot to mention. A very common mistake when upgrading a system > is to install a new kernel without installing a new world, or to install > a new world without installing a new kernel. > > This can create a situation where the machine is unable to add any firewall > rules, resulting in the network being permanently disabled. This occurs > when the kernel structures used by the 'ipfw' binary are incompatible > with the structures the running kernel expects. > > It is very important when upgrading a machine to install both a new kernel > AND A new world before rebooting. Alternatively if you compile a custom > kernel and set the IPFIREWALL_DEFAULT_TO_ACCEPT option in addition to > the IPFIREWALL option, then at least the kernel will boot into a default > state that allows the network to work, even if the ipfw binary is broken. Thanks for the tips. By the way I got one question, why the firewall features is not bundled in the default FreeBSD installation ? It seems the firewall features in FreeBSD looks like an "easter egg", since it is not defined in the /usr/src/sys/i386/conf/GENERIC, but only on the FreeBSD homepage ? Thanks > > -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020528155351.B26334>