From owner-freebsd-ipfw@FreeBSD.ORG Fri Nov 12 16:11:37 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F2A1216A4CE for ; Fri, 12 Nov 2004 16:11:36 +0000 (GMT) Received: from smtp812.mail.sc5.yahoo.com (smtp812.mail.sc5.yahoo.com [66.163.170.82]) by mx1.FreeBSD.org (Postfix) with SMTP id B910C43D2D for ; Fri, 12 Nov 2004 16:11:36 +0000 (GMT) (envelope-from dtrobert@pacbell.net) Received: from unknown (HELO MADAGASCAR) (dtrobert@pacbell.net@63.197.250.220 with login) by smtp812.mail.sc5.yahoo.com with SMTP; 12 Nov 2004 16:11:36 -0000 From: "David Roberts" To: , Date: Fri, 12 Nov 2004 08:11:36 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.6353 Thread-Index: AcTIlE8KINu58RTTQyaWuQDh15OuWwAPX2Rw X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 In-Reply-To: <20041112094354.fqa1koqnuxkc88@.mailhost.wsf.at> Message-Id: <20041112161136.B910C43D2D@mx1.FreeBSD.org> Subject: RE: upgrading from 5.2.1 to 5.3 broke my ipfw X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Nov 2004 16:11:37 -0000 David Roberts schrieb: >> Hi, >> I have been using ipfw for some time now and recently upgraded from >> 5.2.1 to 5.3. My firewall immediately started blocking me even from >> pinging localhost. >> >> I also noted an error around an ipfw log entry I had and commented it out. >> I checked online and saw an IPFIREWALL_DEFAULT_TO_ACCEPT and figured >> I'd give it a try since I was always frustrated that flushing my rules >> would bump me off. I rebuilt the kernel and now I have the opposite >> problem, eveything is allowed no matter what my rules say. >Are you 100% sure that your kernel and userland are in sync? >I am pretty sure that ignoring every rule and just applying the default rule points to the userland part of ipfw not >>corresponding to the kernel part. I believe so. I did a "makebuildworld, makekernel, installkernel, mergemaster, installworld, reboot" following a full cvsup. My kernel is custom but nothing new from prior releases. I will try installworld once again to see if that changes anything. >Thomas >-- >Thomas Wolf >Wiener Software Fabrik >Dubas u. Wolf GMBH >1050 Wien, Mittersteig 4