From owner-freebsd-ipfw Sat Jul 27 11:44:10 2002
To: Luigi Rizzo
Cc: ipfw@freebsd.org
Subject: Re: HEADS-UP ipfw now in -stable (as an optional replacement of the old ipfw)
From: Dan Pelleg
Date: 27 Jul 2002 14:43:35 -0400

Luigi Rizzo writes:

> FYI....
>
> (please read the commit log below before complaining).
>
> cheers
> luigi
>
> From: Luigi Rizzo
> Subject: cvs commit: src/sys/netinet ip_fw2.c ip_fw2.h src/sys/conf files
>         options src/sbin/ipfw Makefile ipfw2.c src/lib/libalias Makefile
>         alias_db.c
> To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
> Date: Tue, 23 Jul 2002 20:21:24 -0700 (PDT)
>
>
> luigi       2002/07/23 20:21:24 PDT
>
>   Modified files:        (Branch: RELENG_4)
>     sys/conf             options files
>     sbin/ipfw            Makefile
>     lib/libalias         Makefile alias_db.c
>   Added files:           (Branch: RELENG_4)
>     sys/netinet          ip_fw2.h ip_fw2.c
>     sbin/ipfw            ipfw2.c
>   Log:
>   Bring ipfw2 into the -stable tree. This will give more people a
>   chance to test it, and hopefully accelerate the transition from the
>   old to the new ipfw code.
>
>   NOTE: THIS COMMIT WILL NOT CHANGE THE FIREWALL YOU USE,
>   NOR A SINGLE BIT IN YOUR KERNEL AND BINARIES.
>   YOU WILL KEEP USING YOUR OLD "ipfw" UNLESS YOU:
>
>   + add "options IPFW2" (undocumented) to your kernel config file;
>
>   + compile and install sbin/ipfw and lib/libalias with
>         make -DIPFW2
>
>   in other words, you must really want it.
>

I need some help here. Does this mean:

1. change kernel config to include IPFW2
2. buildworld, buildkernel, installkernel, installworld
3. cd to /usr/src/sbin/ipfw and make -DIPFW2 ; make -DIPFW2 install
4. cd to /usr/src/lib/libalias and make -DIPFW2 ; make -DIPFW2 install

I got it to work that way but I have doubts since it won't work when the
build machine is not the same one as the installed machine.

Also, as others suggested, it would be nice to have a way to detect if
IPFW2 is in the running kernel and what flavor the installed ipfw(8) is.
Currently, it's just too easy to mismatch kernel and userland and end up
with a kernel that's defaulting to deny and no userland tool to add any
rules to it. I just got that on a machine that installs its world and
kernel over NFS - ouch.

--
Dan Pelleg