Message-ID: <41247C7A.B21E7660@freebsd.org>
Date: Thu, 19 Aug 2004 12:10:03 +0200
From: Andre Oppermann
To: Nate Lawson
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org, John Birrell
Subject: Re: cvs commit: src/sys/conf files options src/sys/modules/ipfw Makefile src/sys/net bridge.c src/sys/netgraph ng_bridge.c src/sys/netinet ip_divert.c ip_dummynet.c ip_dummynet.h ip_fastfwd.c ip_fw.h ip_fw2.c ip_fw_pfil.c ip_input.c ip_output.c ...

Nate Lawson wrote:
>
> John Birrell wrote:
> > On Tue, Aug 17, 2004 at 10:05:54PM +0000, Andre Oppermann wrote:
> >
> >>andre       2004-08-17 22:05:54 UTC
> >>
> >>  FreeBSD src repository
> >>
> >>  Modified files:
> >>    sys/conf             files options
> >>    sys/modules/ipfw     Makefile
> >>    sys/net              bridge.c
> >>    sys/netgraph         ng_bridge.c
> >>    sys/netinet          ip_divert.c ip_dummynet.c ip_dummynet.h
> >>                         ip_fastfwd.c ip_fw.h ip_fw2.c ip_input.c
> >>                         ip_output.c ip_var.h raw_ip.c tcp_input.c
> >>                         tcp_sack.c
> >>    sys/sys              mbuf.h
> >>  Added files:
> >>    sys/netinet          ip_fw_pfil.c
> >
> >
> > A kernel config file which includes IPFIREWALL, but not PFIL_HOOKS will
> > not link (for obvious reasons).
> >
> > Also, the script /etc/rc.d/ipfw tests the 'enable' sysctl which is removed
> > by this commit. The result is that if a kernel is booted with ipfw built
> > in, the /etc/rc.d/ipfw script tries to load the ipfw module. The module
> > load fails (for obvious reasons), causing the ipfw initialisation to fail
> > leaving the firewall in the deny-everything mode regardless of what is
> > configured in /etc/rc.conf.
> >
> > This is an issue for 5.3. [ I assume re@ are reading this list ]
>
> I've been bitten by both. Actually, ipfw.ko won't load into a kernel
> built without PFIL_HOOKS.

The duplicate load attempt also happens to me. I'm looking into this
and will have a fix later today.

--
Andre