Date:      Fri, 09 Jan 1998 21:51:14 -0800 (PST)
From:      Simon Shapiro <shimon@simon-shapiro.org>
To:        Matthew Thyer <thyerm@camtech.net.au>
Cc:        current@FreeBSD.ORG, Studded <Studded@dal.net>, Hostas Red <kong@kkk.ml.org>
Subject:   Re: Firewall in kernel? - Found it!
Message-ID:  <XFMail.980109215114.shimon@simon-shapiro.org>
In-Reply-To: <34B6DA80.C402491@camtech.net.au>

If this is a new kernel, then here is the explanation:

/usr/include/netinet/ip_fw.h has changed.  That causes old /sbin/ipfw to
fail.

To make things more exciting, make world also fails for the same reason.
In /usr/src/lib/libalias/alias_db.c, it fails to compile because, in line
2062, it misses:

    #include <net/if.h>

There may be still more trouble there, but I am still compiling.

I guess, the idea that any header file change requires complete world and
kernel compile and regression test prior to commit, is not as universally
accepted as one may think.

Simon


On 10-Jan-98 Matthew Thyer wrote:
> I also have this error.
> 
> It started after I built a kernel at ctm-src-cur delta # 3200.
> Note that I also built the world after booting the kernel.
> 
> I made no changes to my kernel config file (as LINT did not have
> anything new that I wanted).
> 
> It is caused by a program in rc.network which tries to detect if the
> firewall code is compiled into the kernel.  This program fails in
> some way and returns an error code in the 60's (I can't remember as
> I'm having to use Win95 right now) but the script only expects
> 0 or 1 as a return code so it mistakenly thinks the firewall is
> in the kernel.
> 
> I tried compiling in firewall support (with the default to fully open)
> but this did not get rid of the error message.  I think the program
> still fails unexpectedly.
> 
> Why has no one else complained about this ??  I assume you have all
> passed ctm-src-cur #3200 fairly quickly due to John Dyson's changes.
> 
> I will send kernel config file, and more details on which program
> fails.
> 
> Why also does iijppp not work now ??  Maybe because of the firewall
> error.  I tried changing my ppp.linkup  for the new syntax for the
> "add" command (as seen in the lists).  I note that the samples still
> have old syntax.
> 
> More details will be forthcoming soon.
> 
> Hostas Red wrote:
>> 
>> Hi!
>> 
>> On Thu, 8 Jan 1998, Studded wrote:
>> 
>> > > Since some time, my system tells me on boot, that "Warning: kernel has
>> > > firewall functionality, but firewall rules are not enabled. All ip
>> > > services are disabled."
>> >       Looks like you compiled the firewall into your kernel without enabling
>> > the loading of the script in /etc/rc.conf. If you are going to compile
>> > firewall stuff into your kernel, I *highly* recommend using the default
>> > to accept rule option at least till you get to know things better.
>> 
>> But I'm completely not going to enable firewall, and I have no stuff about
>> firewall in kernel config file. This message appeared after one of kernel
>> compiles.
>> 
>> Adios,
>> /KONG

----------


Sincerely Yours, 

Simon Shapiro
Shimon@Simon-Shapiro.ORG                      Voice:   503.799.2313
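
Added example, not part of the original message and not FreeBSD's rc.network: a sketch of the exit-code handling problem described in the quoted text, where a startup script that expects only 0 or 1 from a firewall probe misreads a probe failure as an answer. The function names, the stand-in probes, the convention "0 = firewall in kernel, 1 = not in kernel" and the value 65 are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not code from rc.network.
# Assumed convention (not stated on the page): the probe exits
#   0 = firewall compiled into the kernel, 1 = not compiled in.

# Fragile pattern: only one value is checked, so any unexpected
# exit status silently falls into the "present" branch.
classify_naive() {
    rc=0
    "$@" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 1 ]; then echo absent; else echo present; fi
}

# Stricter pattern: 0 and 1 are the only valid answers; anything
# else is reported as a probe failure so the caller can decide
# (and log) instead of guessing.
classify_strict() {
    rc=0
    "$@" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo present ;;
        1) echo absent ;;
        *) echo "probe-error:$rc" ;;
    esac
}

# Constructed stand-ins for the real probe program.
probe_present() { return 0; }
probe_absent()  { return 1; }
# Constructed failure: a status "in the 60's", as would happen when
# the probe itself breaks (for example a userland binary built
# against an older kernel header).
probe_broken()  { return 65; }

report() {
    for p in probe_present probe_absent probe_broken; do
        printf '%-14s naive=%-8s strict=%s\n' \
            "$p" "$(classify_naive "$p")" "$(classify_strict "$p")"
    done
}

report
```

With the broken probe, the naive check reports the firewall as present while the strict check surfaces the failing status, which is the information needed to trace the problem back to the probe rather than the kernel config.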


