From owner-freebsd-alpha Thu Dec 5 4:12:41 2002 Delivered-To: freebsd-alpha@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC29D37B401; Thu, 5 Dec 2002 04:12:39 -0800 (PST) Received: from MX4.estpak.ee (ld1.estpak.ee [194.126.101.98]) by mx1.FreeBSD.org (Postfix) with ESMTP id 615C743E9C; Thu, 5 Dec 2002 04:12:38 -0800 (PST) (envelope-from kalts@estpak.ee) Received: from tiiu.internal (80-235-34-25-dsl.mus.estpak.ee [80.235.34.25]) by MX4.estpak.ee (Postfix) with ESMTP id 983F81D00B5; Thu, 5 Dec 2002 14:12:31 +0200 (EET) Received: from tiiu.internal (localhost [127.0.0.1]) by tiiu.internal (8.12.6/8.12.6) with ESMTP id gB5CCV7l002117; Thu, 5 Dec 2002 14:12:31 +0200 (EET) (envelope-from vallo@tiiu.internal) Received: (from vallo@localhost) by tiiu.internal (8.12.6/8.12.6/Submit) id gB5CCThN002116; Thu, 5 Dec 2002 14:12:29 +0200 (EET) (envelope-from vallo) Date: Thu, 5 Dec 2002 14:12:29 +0200 From: Vallo Kallaste To: Rob B Cc: freebsd-stable , freebsd-alpha Subject: Re: ipfw troubles Message-ID: <20021205121229.GA2000@tiiu.internal> Reply-To: kalts@estpak.ee References: <001201c29c53$32067da0$3164a8c0@pootah> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <001201c29c53$32067da0$3164a8c0@pootah> User-Agent: Mutt/1.5.1i-ja.1 Sender: owner-freebsd-alpha@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Dec 05, 2002 at 08:49:05AM +1100, Rob B wrote: > Recently compiled a new kernel for my Multia to do some firewalling. Now, > when trying to show the current rules, I get this: > > [root@doormat]/root: ipfw list > 00000 ip from any to any [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] > [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode > 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] > [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 ^C > > Relevant kernel options are as follows: > > options ICMP_BANDLIM #Rate limit bad replies > options RANDOM_IP_ID #See ../../i386/conf/LINT > options IPFIREWALL #firewall > options IPFIREWALL_VERBOSE #enable logging to syslogd(8) > options IPFIREWALL_FORWARD #enable transparent proxy support > options IPFIREWALL_VERBOSE_LIMIT=500 #limit verbosity > options IPDIVERT #Divert sockets > options DUMMYNET #Bandwidth limiter > options HZ=200 You have mixed IPFW and IPFW2, your kernel firewalling code version differs from userspace utility version. It's handled by some /etc/make.conf knob, read up ipfw(8). -- Vallo Kallaste kalts@estpak.ee To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-alpha" in the body of the message