From owner-freebsd-questions@FreeBSD.ORG  Wed Jan 21 09:24:43 2015
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A6DDB70
 for <freebsd-questions@freebsd.org>; Wed, 21 Jan 2015 09:24:43 +0000 (UTC)
Received: from ipmail04.adl6.internode.on.net (ipmail04.adl6.internode.on.net
 [150.101.137.141]) by mx1.freebsd.org (Postfix) with ESMTP id 3DC9AD1
 for <freebsd-questions@freebsd.org>; Wed, 21 Jan 2015 09:24:41 +0000 (UTC)
Received: from ppp14-2-13-162.lns21.adl2.internode.on.net (HELO leader.local)
 ([14.2.13.162])
 by ipmail04.adl6.internode.on.net with ESMTP; 21 Jan 2015 19:54:34 +1030
Message-ID: <54BF7050.90605@ShaneWare.Biz>
Date: Wed, 21 Jan 2015 19:54:32 +1030
From: Shane Ambler <FreeBSD@ShaneWare.Biz>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Odhiambo Washington <odhiambo@gmail.com>
Subject: Re: IPFilter & FreeBSD-10.1
References: <CAAdA2WMudfd0J9RP_3UL+EMC8Vh3Crks8c-6U5f7AQMBSR0XJQ@mail.gmail.com>
 <CAOc73CCsrnqskLJKFbQH2W-EYH7yi=AXiSKw8jLYz0O35spJ5g@mail.gmail.com>
 <CAAdA2WOeiEv2opf4ZMDAf=LvC5TUCbC8+AeE0ecf7Ac+=jQ1-w@mail.gmail.com>
In-Reply-To: <CAAdA2WOeiEv2opf4ZMDAf=LvC5TUCbC8+AeE0ecf7Ac+=jQ1-w@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: User Questions <freebsd-questions@freebsd.org>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jan 2015 09:24:43 -0000

On 21/01/2015 16:15, Odhiambo Washington wrote:
> Hi Ben,
>
> Thanks for this. I actually read this bit of it having been updated to
> version 5.1.2 in FreeBSD 10.0.
>
> However, my problem emanated from the fact that rules that I use on
> FreeBSD-8.4/9.3 simply could not work on 10.1
>
> I simply carried the rules over, and did not compile a custom kernel on
> 10.1. I was believing that the module will be automatically loaded and
> rules would work. They didn't! Only 'ipf -D' would let connections to be
> made from LAN PCs to my gateway PC..

> I read a post in which someone had to copy the sources from 9.x to 10.x and
> recompile in order to get it to work with the rules from 9.x

The update from 4.1.28->5.1.2 may include changes that requires
adjusting old rules to the new syntax.

While going back to an older version can get your old settings to work
again it also removes any security fixes from the update. Updating your
ruleset would be a better solution.


-- 
FreeBSD - the place to B...Software Developing

Shane Ambler