From owner-cvs-all@FreeBSD.ORG Thu Aug 19 05:53:03 2004 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8EF5916A4CE; Thu, 19 Aug 2004 05:53:03 +0000 (GMT) Received: from pooker.samsco.org (pooker.samsco.org [168.103.85.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id 328E143D2F; Thu, 19 Aug 2004 05:53:03 +0000 (GMT) (envelope-from scottl@samsco.org) Received: from [192.168.2.73] (cpe.125.wat.v126.packetworks.net [64.235.97.125] (may be forged)) (authenticated bits=0) by pooker.samsco.org (8.12.11/8.12.10) with ESMTP id i7J5rQ7u067198; Wed, 18 Aug 2004 23:53:27 -0600 (MDT) (envelope-from scottl@samsco.org) Message-ID: <41243F9A.8080300@samsco.org> Date: Wed, 18 Aug 2004 23:50:18 -0600 From: Scott Long User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.1) Gecko/20040801 X-Accept-Language: en-us, en MIME-Version: 1.0 To: John Birrell , Andre Oppermann References: <200408172205.i7HM5sDs087606@repoman.freebsd.org> <20040819030854.GM99521@freebsd3.cimlogic.com.au> In-Reply-To: <20040819030854.GM99521@freebsd3.cimlogic.com.au> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=0.0 required=3.8 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on pooker.samsco.org cc: cvs-src@FreeBSD.org cc: src-committers@FreeBSD.org cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/conf files options src/sys/modules/ipfwMakefile ip_divert.cip_input.c ip_output.c ... X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Aug 2004 05:53:03 -0000 John Birrell wrote: > On Tue, Aug 17, 2004 at 10:05:54PM +0000, Andre Oppermann wrote: > >>andre 2004-08-17 22:05:54 UTC >> >> FreeBSD src repository >> >> Modified files: >> sys/conf files options >> sys/modules/ipfw Makefile >> sys/net bridge.c >> sys/netgraph ng_bridge.c >> sys/netinet ip_divert.c ip_dummynet.c ip_dummynet.h >> ip_fastfwd.c ip_fw.h ip_fw2.c ip_input.c >> ip_output.c ip_var.h raw_ip.c tcp_input.c >> tcp_sack.c >> sys/sys mbuf.h >> Added files: >> sys/netinet ip_fw_pfil.c > > > A kernel config file which includes IPFIREWALL, but not PFIL_HOOKS will > not link (for obvious reasons). > > Also, the script /etc/rc.d/ipfw tests the 'enable' sysctl which is removed > by this commit. The result is that if a kernel is booted with ipfw built > in, the /etc/rc.d/ipfw script tries to load the ipfw module. The module > load fails (for obvious reasons), causing the ipfw initialisation to fail > leaving the firewall in the deny-everything mode regardless of what is > configured in /etc/rc.conf. > > This is an issue for 5.3. [ I assume re@ are reading this list ] > Indeed we are. Andre, can you comment here please? Scott