From: "Matt"
To: current@freebsd.org
Date: Sun, 13 Jul 2003 13:17:36 +0100 (BST)
Subject: IPFW and/or rc rule parsing not working since today's cvsup
Message-ID: <49176.192.168.1.10.1058098656.squirrel@webmail.xtaz.co.uk>

I normally sync to current once a week and have just done it today:

FreeBSD tao.xtaz.co.uk 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Sun Jul 13 12:24:40 BST 2003 root@shakira.xtaz.co.uk:/usr/obj/usr/src/sys/TAO i386

The problem is though that it looks like IPFW or RC has changed how it works. I'm not sure if this is intentional or not though. If it is intentional then I think it is a violation of POLA. The problem I have is this.
In rc.conf I have the following:

firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.conf"

And in /etc/ipfw.conf I have sets of rules one line at a time like:

add 00010 divert natd all from any to any via xl0
add 00120 allow tcp from any to any 80 via xl0

etc.

This has always worked for me ever since I first started using ipfw on fbsd 4.1 and has always worked on current until today's cvsup. Now though no rules get loaded. If I try what I have always done in the past which is

ipfw -q flush && ipfw /etc/ipfw.conf

then it tells me:

usage: ipfw [options]
do "ipfw -h" or see ipfw manpage for details

Whereas before this week this worked perfectly. The /etc/rc.firewall still says that you can set a filename for the firewall_type so I assume this should still work as in fact just broken rather than a POLA. I definitely mergemaster'd everything that had changed properly. In fact I have even just run it again in case I missed something and everything is up to date.

Any comments?

Regards, Matt.

--
email: matt@xtaz.co.uk - web: http://xtaz.co.uk/
Hardware, n.: The parts of a computer system that can be kicked.
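
A post-upgrade check for the failure reported in this message, where the rules file silently stops being loaded: it compares the rule numbers in the rules file with those in saved `ipfw list` output. This is an added example, not part of the original post; the function names and the sample listing are constructed, and it assumes every rule in the file carries an explicit number.

```shell
#!/bin/sh
# Added example (not from the original post): report rule numbers that are
# present in an ipfw rules file but absent from the loaded ruleset.

# expected_rules FILE: rule numbers of explicitly numbered "add NNNNN ..." lines.
expected_rules() {
    awk '$1 == "add" && $2 ~ /^[0-9]+$/ { printf "%05d\n", $2 }' "$1" | sort -u
}

# loaded_rules: read `ipfw list` output on stdin, print its rule numbers.
loaded_rules() {
    awk '$1 ~ /^[0-9]+$/ { printf "%05d\n", $1 }' | sort -u
}

# missing_rules FILE LISTING: numbers expected from FILE but not in LISTING,
# where LISTING is a file holding saved `ipfw list` output.
missing_rules() {
    exp=$(mktemp); cur=$(mktemp)
    expected_rules "$1" > "$exp"
    loaded_rules < "$2" > "$cur"
    comm -23 "$exp" "$cur"      # lines only in the expected set
    rm -f "$exp" "$cur"
}

# Constructed sample: the two rules quoted in the post, checked against a
# listing (constructed) in which only a default rule 65535 is loaded.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample rules file' \
        'add 00010 divert natd all from any to any via xl0' \
        'add 00120 allow tcp from any to any 80 via xl0' > "$d/ipfw.conf"
    printf '%s\n' '65535 deny ip from any to any' > "$d/list.txt"
    missing_rules "$d/ipfw.conf" "$d/list.txt"
    rm -rf "$d"
}

demo
```

On a live system, save the output of `ipfw list` to a file and pass it as the second argument; any number printed is a rule that did not load.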