Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 19 Aug 2004 12:10:03 +0200
From:      Andre Oppermann <andre@freebsd.org>
To:        Nate Lawson <nate@root.org>
Cc:        John Birrell <jb@cimlogic.com.au>
Subject:   Re: cvs commit: src/sys/conf files options src/sys/modules/ipfw  Makefilesrc/sys/net bridge.c src/sys/netgraph ng_bridge.c  src/sys/netinet ip_divert.cip_dummynet.c ip_dummynet.h ip_fastfwd.c  ip_fw.h ip_fw2.c ip_fw_pfil.c ip_input.cip_output.c ...
Message-ID:  <41247C7A.B21E7660@freebsd.org>
References:  <200408172205.i7HM5sDs087606@repoman.freebsd.org> <20040819030854.GM99521@freebsd3.cimlogic.com.au> <41242606.6070604@root.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Nate Lawson wrote:
> 
> John Birrell wrote:
> > On Tue, Aug 17, 2004 at 10:05:54PM +0000, Andre Oppermann wrote:
> >
> >>andre       2004-08-17 22:05:54 UTC
> >>
> >>  FreeBSD src repository
> >>
> >>  Modified files:
> >>    sys/conf             files options
> >>    sys/modules/ipfw     Makefile
> >>    sys/net              bridge.c
> >>    sys/netgraph         ng_bridge.c
> >>    sys/netinet          ip_divert.c ip_dummynet.c ip_dummynet.h
> >>                         ip_fastfwd.c ip_fw.h ip_fw2.c ip_input.c
> >>                         ip_output.c ip_var.h raw_ip.c tcp_input.c
> >>                         tcp_sack.c
> >>    sys/sys              mbuf.h
> >>  Added files:
> >>    sys/netinet          ip_fw_pfil.c
> >
> >
> > A kernel config file which includes IPFIREWALL, but not PFIL_HOOKS will
> > not link (for obvious reasons).
> >
> > Also, the script /etc/rc.d/ipfw tests the 'enable' sysctl which is removed
> > by this commit. The result is that if a kernel is booted with ipfw built
> > in, the /etc/rc.d/ipfw script tries to load the ipfw module. The module
> > load fails (for obvious reasons), causing the ipfw initialisation to fail
> > leaving the firewall in the deny-everything mode regardless of what is
> > configured in /etc/rc.conf.
> >
> > This is an issue for 5.3. [ I assume re@ are reading this list ]
> 
> I've been bitten by both.  Actually, ipfw.ko won't load into a kernel
> built without PFIL_HOOKS.  The duplicate load attempt also happens to me.

I'm looking into this and will have a fix later today.

-- 
Andre

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41247C7A.B21E7660>