Date: Wed, 7 Apr 2010 08:10:34 -0700 From: Freddie Cash <fjwcash@gmail.com> To: freebsd-ipfw@freebsd.org Subject: Re: rule 00000. Message-ID: <p2vb269bc571004070810i496cc94ei1e7c34a031f97f28@mail.gmail.com> In-Reply-To: <4BBC19B0.8060304@fuujingroup.com> References: <1298035093.20100405114112@nitronet.pl> <4BBC19B0.8060304@fuujingroup.com>
next in thread | previous in thread | raw e-mail | index | archive | help
2010/4/6 Erich Jenkins, Fuujin Group Ltd <erich@fuujingroup.com> > Pawel Tyll wrote: > >> Unfortunately FreeBSD 8.0-STABLE #0: Mon Apr 5 08:43:58 CEST 2010 >> still has problems. >> >> ipfw show: >> (...) >> 65534 44262253 27617819701 allow ip from any to any >> 00001 5335 405460 allow ip from me to any dst-port 123 >> 00000 0 0 ip from any to any >> >> Anything I can do to help? >> > > Pawel: > > My skin crawled the moment I read this post. Could you provide a bit more > information about this issue? I manage a very large deployment of FreeBSD > boxes which are geographically dispersed, and we've started upgrading them > to the 8.0 release. My default policy is to deny everything but the services > running, so I generally end with a "deny all" statement, and the last thing > I want is to lock myself out and have to dispatch a technician... > > Is this problem localized to any particular architecture? (we have sparc64, > amd64 and i386 servers deployed). Is this just the stable branch that's > affected, or was this bug also in the ISO release? (I deploy via > NFS/FTP/bootp from internal servers hosting the ISO images). > > If you read the archives of this list, you'll find that this issue only applies to 8-STABLE after the 8.0 release. Thus, if you upgrade to 8.0-RELEASE, you will not run into this problem. Luigi is doing a bunch of cleanups, refactoring, and updates to the ipfw code in 8-STABLE/9-CURRENT. Things are a bit unstable right now, but getting better with each passing day. IOW, nothing to worry about unless you have plans to upgrade to 8-STABLE. :) -- Freddie Cash fjwcash@gmail.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p2vb269bc571004070810i496cc94ei1e7c34a031f97f28>