Date:      Tue, 6 Feb 2001 10:39:40 -0800 (PST)
From:      Luigi Rizzo <rizzo@aciri.org>
To:        bright@wintelcom.net (Alfred Perlstein)
Cc:        rizzo@aciri.org, net@freebsd.org
Subject:   Re: IPFIREWALL + BRIDGE + IPDIVERT doesn't work?
Message-ID:  <200102061841.f16If1041610@iguana.aciri.org>
In-Reply-To: <20010206102958.N26076@fw.wintelcom.net> from Alfred Perlstein at "Feb 6, 2001 10:29:58 am"

i assume you have upgraded the .h files in
/usr/include/net and /usr/include/netinet and recompiled
the userland ipfw, right ?

your report is kind of strange because none of the recent
changes (unless you mean the tcp security fixes) involves
additional specifiers in ipfw rules.

Sure the ipfw struct and the pipe descriptor have changed size,
but then the problem would occur for all rules not just the "via"
ones.

can you give us some more detail ?

	cheers
	luigi

> Let me apologize in advance for this shoddyish bug report.
> 
> In a recent -stable (since the new ipfw fixes) if you build
> a kernel with options:
> 
> IPFIREWALL
> IPFIREWALL_VERBOSE
> IPFIREWALL_DEFAULT_TO_ACCEPT
> IPDIVERT
> BRIDGE
> DUMMYNET
> 
> You wind up with a kernel that doesn't grok the ipfw 'via' keyword.
> 
> Basically any rule that has a 'via' in it makes the userland ipfw
> tool get an 'invalid setsockopt'.  Anyone booting a kernel on a
> system that relies on 'via' keywords is in for a big surprise as
> all those rules won't load.
> 
> -- 
> -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
> "I have the heart of a child; I keep it in a jar on my desk."
> 


