Date: Sun, 23 Jun 1996 14:35:46 -0500 (CDT) From: Alex Nash <alex@zen.nash.org> To: nate@sri.MT.net Cc: freebsd-security@FreeBSD.org, gpalmer@FreeBSD.org, taob@io.org, phk@FreeBSD.org Subject: Re: IPFW documentation Message-ID: <199606231935.OAA00300@zen.nash.org>
next in thread | raw e-mail | index | archive | help
> > You bet. How about this: > > > > - Bring src/sys/netinet/ip_fw.c up to -current level (or very > > close to). > > > > - Bring src/sbin/ipfw/ipfw.c in line with the kernel changes. > > > > - Try and get the man page in shape (the version in -current is > > a lot closer, but not perfect). > > It works for me, but I'm not expert on any of it. However, when I > upgrade my box from 2.1R -> 2.1.5 I will want to know what has changed. > Unfortunately, I can't do that for at least another 2 weeks since I'm > upgrading everything else this week and am taking time off the week > after. I'm not sure how much I can help with the differences, but I guess I would summarize the main differences as: - The default policy is now deny (previously it was allow) - The syntax of ipfw has changed substantially (see ipfw(8) for details) > > When this is done, I'll announce where patches can be found so that as > > many people as possible can bang on it to make sure it's ok. > > Patches for what? I don't think you'll get enough time to get it > reviewed and in before Tuesday, but if you think it can be done go for > it. In any case, the docs and the source should match by the time 2.1.5 > is rolled. In between writing the first message and this one I've merged -stable with -current and am running it at this moment. The main advantages are: - Better error messages, usage output, etc. - Slightly more intuitive (accepts host names, for example) - New features (yes, this can be viewed as a reason *not* to include it in -release, but a I haven't heard any complaints about the code in -current yet) - Updated man page (we can use the one in current) I need to tie up a few loose ends, and then I'll post patches so that it can be reviewed by all. > > That'll > > give me the comfort level I'd need to place these changes into 2.1.5. > > Does this sound viable? > > As long as everythign is in sync. I don't mind. I'd prefer backing out > the new stuff completely out if we can't keep the sources and docs in > sync, since the only thing worse than buggy code is code that's > documented incorrectly. I'm not going to touch backing out of the new stuff, that would be Poul's decision. If the current ipfw implementation stays, I think it would be worthwhile to try and incorporate the most recent man page and cosmetic/convenience fixes to ipfw. To make this happen though, we need reviewers. Any volunteers? :) Alex
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606231935.OAA00300>