From owner-freebsd-current  Mon Dec 16 10:23:13 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id EF95B37B401; Mon, 16 Dec 2002 10:23:11 -0800 (PST)
Received: from sccrmhc03.attbi.com (sccrmhc03.attbi.com [204.127.202.63])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 410CD43EC2; Mon, 16 Dec 2002 10:23:11 -0800 (PST)
	(envelope-from julian@elischer.org)
Received: from InterJet.elischer.org (12-232-168-4.client.attbi.com[12.232.168.4])
          by sccrmhc03.attbi.com (sccrmhc03) with ESMTP
          id <20021216182309003006jhu3e>; Mon, 16 Dec 2002 18:23:10 +0000
Received: from localhost (localhost.elischer.org [127.0.0.1])
	by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id KAA11989;
	Mon, 16 Dec 2002 10:23:09 -0800 (PST)
Date: Mon, 16 Dec 2002 10:23:08 -0800 (PST)
From: Julian Elischer <julian@elischer.org>
To: Ruslan Ermilov <ru@FreeBSD.ORG>
Cc: Matthew Dillon <dillon@apollo.backplane.com>,
	"David O'Brien" <obrien@FreeBSD.ORG>, current@FreeBSD.ORG
Subject: Re: ipfw userland breaks again.
In-Reply-To: <20021216174117.GB34320@sunbay.com>
Message-ID: <Pine.BSF.4.21.0212161022400.11938-100000@InterJet.elischer.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG



On Mon, 16 Dec 2002, Ruslan Ermilov wrote:

> On Sat, Dec 14, 2002 at 02:09:13PM -0800, Matthew Dillon wrote:
> > 
> > :
> > :On Sat, Dec 14, 2002 at 12:38:13PM -0800, Matthew Dillon wrote:
> > :>     then, as usual, IPFW with the new kernel and
> > :>     old world fails utterly and now the fragging machine can't access the
> > :
> > :Hear hear!!  I am >< tempted to have /sbin/ipfw moved to src/sys.
> > 
> >     How about something like this (patch enclosed).  If there are no
> >     objections I will commit it along with a documentation update, and
> >     maybe also add some RC code give the sysad a chance to ipfw unbreak if
> >     ipfw otherwise fails during the boot sequence.
> > 
> Matt,
> 
> How this could be helpful in a remote upgrade scenario that has
> IPFW ABI incompatibility issues?
> 
> One alternative approach would be to not compile IPFW into a
> kernel but rather have it loaded as a module.  Then, you
> install new kernel, edit out ipfw_enable="YES" for the time
> being, reboot with the new kernel, installworld, edit
> ipfw_enable="YES" back in, reboot, and you're done.


I think having ipfw as a module doesn't get you fwd or divert.
(I may be wrong)

> 
> 
> Cheers,
> -- 
> Ruslan Ermilov		Sysadmin and DBA,
> ru@sunbay.com		Sunbay Software AG,
> ru@FreeBSD.org		FreeBSD committer,
> +380.652.512.251	Simferopol, Ukraine
> 
> http://www.FreeBSD.org	The Power To Serve
> http://www.oracle.com	Enabling The Information Age
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message