From owner-freebsd-questions@FreeBSD.ORG Mon Apr 7 05:23:16 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7E2F937B401 for ; Mon, 7 Apr 2003 05:23:16 -0700 (PDT) Received: from blueyonder.co.uk (pcow057o.blueyonder.co.uk [195.188.53.94]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4D68C43F85 for ; Mon, 7 Apr 2003 05:23:15 -0700 (PDT) (envelope-from jfm@blueyonder.co.uk) Received: from lexx ([62.31.198.203]) by blueyonder.co.uk with Microsoft SMTPSVC(5.5.1877.757.75); Mon, 7 Apr 2003 13:23:14 +0100 From: John Murphy To: questions@FreeBSD.ORG Date: Mon, 07 Apr 2003 13:23:15 +0100 Organization: poor Message-ID: <9cr29vcqs73p0qm6imstf0skep5lk94436@4ax.com> References: <74i19v4isusmlrpohohodush0gnmmsutvk@4ax.com> In-Reply-To: <74i19v4isusmlrpohohodush0gnmmsutvk@4ax.com> X-Mailer: Forte Agent 1.9/32.560 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Subject: Re: 4.8 ipfilter ruleset compatibility question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: jfm@blueyonder.co.uk List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Apr 2003 12:23:16 -0000 John Murphy wrote: >I've upgraded from 4.4 to 4.8 release by re-installation and then = copying: >/etc/rc.conf and the usual others from the old drive to the new. = Including >the old, previously working, ipf.rules and ipnat.rules. Solved. Previous to 4.5 rc.conf required: ipfilter_program=3D"/sbin/ipf -Fa -f" ipnat_program=3D"/sbin/ipnat -CF -f" Whereas Post 4.5 only: ipfilter_program=3D"/sbin/ipf" ipnat_program=3D"/sbin/ipnat" is required to start ipfilter and ipnat. With 4.8 _and_ the flags all packets were passed regardless of the rules and ipfstat showed no packets blocked. Without the flags everything seems to work as before. John.