Date: Thu, 19 Aug 2004 12:18:56 -0400
From: "Jonathan T. Sage" <sagejona@theatre.msu.edu>
To: Barney Wolff <barney@databus.com>
Cc: current@freebsd.org
Subject: Re: RELENG_5 kernel b0rken with IPFIREWALL and without PFIL_HOOKS
Message-ID: <4124D2F0.8050000@theatre.msu.edu>
In-Reply-To: <20040819161315.GB29937@pit.databus.com>
References: <20040819154334.GA23926@pit.databus.com> <200408191559.i7JFxJKo018279@bunrab.catwhisker.org> <20040819161315.GB29937@pit.databus.com>
Barney Wolff wrote:
> Sure, invoking ipfw directly works fine when ipfw's compiled into the kernel,
> as does dotting /etc/rc.firewall. But /etc/rc.d/ipfw is what's run at
> boot time, and that would seem, at least as I read it, to require that
> ipfw be a module, not compiled in.

no, it doesn't, kinda.

    if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then

if the sysctl item net.inet.ip.fw.enable does NOT exist, then try and
load the module. otherwise, return 0 (all ok)

        if ! kldload ipfw; then
            warn unable to load firewall module.
            return 1
        fi
    fi

it is failing because the net.inet.ip.fw.enable sysctl was removed. the
script needs to be updated to rely on one of the still existing sysctls.
as of right now, with no edits, the script cannot complete successfully
unless ipfw is left as a module. No doubt this will be fixed shortly.

--
Jonathan T. Sage
Theatrical Lighting / Set Designer
Professional Web Design
"He said he likes me, but he's not in-like with me."- Connie, King of
the Hill
[HTTP://www.JTSage.com]
[HTTP://design.JTSage.com]
[sagejona@msu.edu]
[See Headers for Contact Info]
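
The failure mode described in this message, as an added simulation that is not part of the original e-mail or of the FreeBSD rc.d script. The stand-ins `fake_sysctl` and `fake_kldload`, the `KERNEL` labels, and the OID `net.inet.ip.fw.example_oid` are constructed for illustration; the last is a placeholder for "one of the still existing sysctls", not a real OID name.

```shell
#!/bin/sh
# Simulation only: fake_sysctl/fake_kldload are constructed stand-ins for
# sysctl(8) and kldload(8); no real kernel state is read or changed.
# KERNEL selects the simulated kernel:
#   module        ipfw not in the kernel yet, loadable as a module
#   builtin       ipfw compiled in, net.inet.ip.fw.enable present
#   builtin_noen  ipfw compiled in, net.inet.ip.fw.enable removed
KERNEL=module
LOADED=no

fake_sysctl() {
    # Exit 0 only when the OID exists in the simulated kernel.
    case "$1" in
        net.inet.ip.fw.enable)      [ "$KERNEL" = builtin ] ;;
        # Constructed placeholder for a sysctl that survives the change.
        net.inet.ip.fw.example_oid) [ "$KERNEL" != module ] ;;
        *) return 1 ;;
    esac
}

fake_kldload() {
    # Loading fails when ipfw is already compiled into the kernel.
    [ "$KERNEL" = module ] && [ "$LOADED" = no ] || return 1
    LOADED=yes
}

# Same control flow as the quoted check, with the probed OID as a parameter.
ipfw_precmd_sim() {
    if ! fake_sysctl "$1" > /dev/null 2>&1; then
        if ! fake_kldload ipfw; then
            echo "unable to load firewall module." >&2
            return 1
        fi
    fi
    return 0
}

# Run one scenario from a clean state: run_case KERNEL OID
run_case() {
    KERNEL=$1 LOADED=no
    ipfw_precmd_sim "$2"
}

for k in module builtin builtin_noen; do
    for oid in net.inet.ip.fw.enable net.inet.ip.fw.example_oid; do
        if run_case "$k" "$oid" 2>/dev/null; then r=ok; else r=FAIL; fi
        echo "kernel=$k probe=$oid -> $r"
    done
done
```

Only the `builtin_noen` kernel probed through `net.inet.ip.fw.enable` fails: the missing sysctl is read as "ipfw absent", and the module load then fails because ipfw is already in the kernel.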
