From owner-freebsd-alpha  Thu Dec  5  4:12:41 2002
Delivered-To: freebsd-alpha@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id CC29D37B401; Thu,  5 Dec 2002 04:12:39 -0800 (PST)
Received: from MX4.estpak.ee (ld1.estpak.ee [194.126.101.98])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 615C743E9C; Thu,  5 Dec 2002 04:12:38 -0800 (PST)
	(envelope-from kalts@estpak.ee)
Received: from tiiu.internal (80-235-34-25-dsl.mus.estpak.ee [80.235.34.25])
	by MX4.estpak.ee (Postfix) with ESMTP
	id 983F81D00B5; Thu,  5 Dec 2002 14:12:31 +0200 (EET)
Received: from tiiu.internal (localhost [127.0.0.1])
	by tiiu.internal (8.12.6/8.12.6) with ESMTP id gB5CCV7l002117;
	Thu, 5 Dec 2002 14:12:31 +0200 (EET)
	(envelope-from vallo@tiiu.internal)
Received: (from vallo@localhost)
	by tiiu.internal (8.12.6/8.12.6/Submit) id gB5CCThN002116;
	Thu, 5 Dec 2002 14:12:29 +0200 (EET)
	(envelope-from vallo)
Date: Thu, 5 Dec 2002 14:12:29 +0200
From: Vallo Kallaste <kalts@estpak.ee>
To: Rob B <rbyrnes@ozemail.com.au>
Cc: freebsd-stable <freebsd-stable@freebsd.org>,
	freebsd-alpha <freebsd-alpha@freebsd.org>
Subject: Re: ipfw troubles
Message-ID: <20021205121229.GA2000@tiiu.internal>
Reply-To: kalts@estpak.ee
References: <001201c29c53$32067da0$3164a8c0@pootah>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <001201c29c53$32067da0$3164a8c0@pootah>
User-Agent: Mutt/1.5.1i-ja.1
Sender: owner-freebsd-alpha@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-alpha.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-alpha>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-alpha>
X-Loop: FreeBSD.org

On Thu, Dec 05, 2002 at 08:49:05AM +1100, Rob B
<rbyrnes@ozemail.com.au> wrote:

> Recently compiled a new kernel for my Multia to do some firewalling. Now,
> when trying to show the current rules, I get this:
> 
> [root@doormat]/root: ipfw list
> 00000  ip from any to any [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
> [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode
> 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
> [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 ^C
> 
> Relevant kernel options are as follows:
> 
> options         ICMP_BANDLIM            #Rate limit bad replies
> options         RANDOM_IP_ID            #See ../../i386/conf/LINT
> options         IPFIREWALL              #firewall
> options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
> options         IPFIREWALL_FORWARD      #enable transparent proxy support
> options         IPFIREWALL_VERBOSE_LIMIT=500    #limit verbosity
> options         IPDIVERT                #Divert sockets
> options         DUMMYNET                #Bandwidth limiter
> options         HZ=200

You have mixed IPFW and IPFW2, your kernel firewalling code version
differs from userspace utility version. It's handled by some
/etc/make.conf knob, read up ipfw(8).
-- 

Vallo Kallaste
kalts@estpak.ee

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-alpha" in the body of the message