Date: Sun, 23 Jun 1996 14:35:46 -0500 (CDT) From: Alex Nash <alex@zen.nash.org> To: nate@sri.MT.net Cc: freebsd-security@FreeBSD.org, gpalmer@FreeBSD.org, taob@io.org, phk@FreeBSD.org Subject: Re: IPFW documentation Message-ID: <199606231935.OAA00300@zen.nash.org>
next in thread | raw e-mail | index | archive | help
> > You bet. How about this:
> >
> > - Bring src/sys/netinet/ip_fw.c up to -current level (or very
> > close to).
> >
> > - Bring src/sbin/ipfw/ipfw.c in line with the kernel changes.
> >
> > - Try and get the man page in shape (the version in -current is
> > a lot closer, but not perfect).
>
> It works for me, but I'm not expert on any of it. However, when I
> upgrade my box from 2.1R -> 2.1.5 I will want to know what has changed.
> Unfortunately, I can't do that for at least another 2 weeks since I'm
> upgrading everything else this week and am taking time off the week
> after.
I'm not sure how much I can help with the differences, but I guess
I would summarize the main differences as:
- The default policy is now deny (previously it was allow)
- The syntax of ipfw has changed substantially (see ipfw(8) for details)
> > When this is done, I'll announce where patches can be found so that as
> > many people as possible can bang on it to make sure it's ok.
>
> Patches for what? I don't think you'll get enough time to get it
> reviewed and in before Tuesday, but if you think it can be done go for
> it. In any case, the docs and the source should match by the time 2.1.5
> is rolled.
In between writing the first message and this one I've merged -stable
with -current and am running it at this moment. The main advantages
are:
- Better error messages, usage output, etc.
- Slightly more intuitive (accepts host names, for example)
- New features (yes, this can be viewed as a reason *not* to include
it in -release, but a I haven't heard any complaints about the
code in -current yet)
- Updated man page (we can use the one in current)
I need to tie up a few loose ends, and then I'll post patches so that
it can be reviewed by all.
> > That'll
> > give me the comfort level I'd need to place these changes into 2.1.5.
> > Does this sound viable?
>
> As long as everythign is in sync. I don't mind. I'd prefer backing out
> the new stuff completely out if we can't keep the sources and docs in
> sync, since the only thing worse than buggy code is code that's
> documented incorrectly.
I'm not going to touch backing out of the new stuff, that would be
Poul's decision. If the current ipfw implementation stays, I think
it would be worthwhile to try and incorporate the most recent man page
and cosmetic/convenience fixes to ipfw. To make this happen though,
we need reviewers. Any volunteers? :)
Alex
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606231935.OAA00300>