Date: Tue, 03 Apr 2007 01:02:31 -0700 From: Julian Elischer <julian@elischer.org> To: Sean McNeil <sean@mcneil.com> Cc: ProtectNet <protectnet@gmail.com>, ipfw@freebsd.org Subject: Re: bad test in /etc/rc.d/ip6fw Message-ID: <46120A17.4030501@elischer.org> In-Reply-To: <001201c7759e$985f1840$3200010a@ferrari> References: <001601c7755d$79cf1010$07e90b93@ferrari> <8207a8df0704021959x18ddcd6fud43a1422da78d4f3@mail.gmail.com> <001201c7759e$985f1840$3200010a@ferrari>
next in thread | previous in thread | raw e-mail | index | archive | help
Sean McNeil wrote:
> Hi Henrique,
>
>> For Firewall in IPV6 enable in kernel
>>
>> options IPV6FIREWALL # Enable ipfirewall(4) for ipv6
>> options IPV6FIREWALL_VERBOSE # Enable log's in syslogd(4)
>> options IPV6FIREWALL_VERBOSE_LIMIT=100 # Set limite in syslogd in 100
>> registers
>> options IPV6FIREWALL_DEFAULT_TO_ACCEPT # Enable default Open Firewall
>>
>> And sorry my poor english :p
>
> No problem. You miss my point, however. I have none of these in my
> kernel config yet I have net.inet6.ip6.fw.enable defined. This prevents
> the /etc/rc.d/ip6fw script from kldload'ing the appropriate module. So
> either the code that creates the kernel parameter or the script needs to
> be changed so that they work in tandem.
please see if the following change makes a difference.
(you will need to apply this by hand).
In the mean time I will revert this MFC in total.
Index: ip_fw2.c
===================================================================
RCS file: /usr/local/cvsroot/freebsd/src/sys/netinet/ip_fw2.c,v
retrieving revision 1.106.2.34
diff -u -r1.106.2.34 ip_fw2.c
--- ip_fw2.c 31 Mar 2007 01:51:29 -0000 1.106.2.34
+++ ip_fw2.c 3 Apr 2007 07:59:50 -0000
@@ -4349,7 +4349,7 @@
SYSCTL_STATIC_CHILDREN(_net_inet6_ip6), OID_AUTO, "fw",
CTLFLAG_RW | CTLFLAG_SECURE, 0, "Firewall");
SYSCTL_ADD_PROC(&ip6_fw_sysctl_ctx, SYSCTL_CHILDREN(ip6_fw_sysctl_tree),
- OID_AUTO, "enable", CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3,
+ OID_AUTO, "enablefw", CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3,
&fw6_enable, 0, ipfw_chg_hook, "I", "Enable ipfw+6");
SYSCTL_ADD_INT(&ip6_fw_sysctl_ctx, SYSCTL_CHILDREN(ip6_fw_sysctl_tree),
OID_AUTO, "deny_unknown_exthdrs", CTLFLAG_RW | CTLFLAG_SECURE,
>
>> Henrique Mattos
>>
>> 2007/4/2, Sean McNeil <sean@mcneil.com>:
>>> I just noticed that ip6fw isn't loading the ip6fw kernel module
>>> because my kernel somehow already has the sysctl value in it. This
>>> is FreeBSD -STABLE and I have the following in my kernel:
>>>
>>> options INET # InterNETworking
>>> options INET6 # IPv6 communications protocols
>>>
>>> options IPFIREWALL
>>> options IPFIREWALL_FORWARD
>>> options IPDIVERT
>>> options DUMMYNET
>>>
>>> net.inet6.ip6.fw.enable managed to get in the kernel.
>>>
>>> Cheers,
>>> Sean
>>> _______________________________________________
>>> freebsd-ipfw@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>>>
>>
>>
>
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46120A17.4030501>