From owner-freebsd-stable  Tue May 28 13:39:54 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from boris.st.hmc.edu (boris.ST.HMC.Edu [134.173.63.11])
	by hub.freebsd.org (Postfix) with ESMTP
	id 00E2537B403; Tue, 28 May 2002 13:39:40 -0700 (PDT)
Received: from localhost (jeff@localhost)
	by boris.st.hmc.edu (8.11.6/8.11.6) with ESMTP id g4SKdcM16430;
	Tue, 28 May 2002 13:39:38 -0700 (PDT)
	(envelope-from jeff@boris.st.hmc.edu)
Date: Tue, 28 May 2002 13:39:37 -0700 (PDT)
From: Jeff Jirsa <jeff@boris.st.hmc.edu>
To: Irwan Hadi <irwanhadi@phxby.com>
Cc: <freebsd-questions@FreeBSD.ORG>, <freebsd-stable@FreeBSD.ORG>
Subject: Re: Server won't boot after recompile the kernel with ipfw support
In-Reply-To: <20020528142640.A22370@phxby.com>
Message-ID: <20020528133316.S16405-100000@boris.st.hmc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Tue, 28 May 2002, Irwan Hadi wrote:

> Dear All,
>
> compiled successfully. But why after I recompile the kernel for the
> second time, with
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10 according to
> http://www.freebsd.org/handbook/firewalls.html, the server can't be
> ping-ed anymore ?
> I did check the configuration using /usr/bin/config my-kernel, and it
> worked just fine, and there was no error in the make depend, and make
> stage.
> Does anyone has ever got the same problem ? May I know it A.S.A.P,
> because the server is a colocated one, and I need to give instructions
> to the person who is going to "fix" the server.
>

Did  you specify any of the firewall rules / configuration before
rebooting? The default deny rules will keep you from connecting to the
box until you set up new rules that will accept connections. You'll want
to check and modify the firewall_ lines in /etc/defaults/rc.conf .

The ipfw man page suggests being at the console when you enable the
firewall for this precise reason.

The way to fix this problem is to log in at the console (or have someone
else do it for you) and add the following rule:

ipfw add 100 allow ip from any to any


This will open up the firewall, and allow you to connect. You'll no doubt
want to delete that rule when you add your own custom rules. man ipfw(8)
will help you when you get around to doing that.


- Jeff Jirsa



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message