From owner-freebsd-stable  Mon Jul 15 13:42:12 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id C35E437B401; Mon, 15 Jul 2002 13:42:03 -0700 (PDT)
Received: from iguana.icir.org (iguana.icir.org [192.150.187.36])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 5F61B43E84; Mon, 15 Jul 2002 13:42:01 -0700 (PDT)
	(envelope-from rizzo@iguana.icir.org)
Received: (from rizzo@localhost)
	by iguana.icir.org (8.11.6/8.11.3) id g6FKg0S91816;
	Mon, 15 Jul 2002 13:42:00 -0700 (PDT)
	(envelope-from rizzo)
Date: Mon, 15 Jul 2002 13:42:00 -0700
From: Luigi Rizzo <rizzo@icir.org>
To: ipfw@FreeBSD.ORG
Subject: updated ipfw2 patches for -stable
Message-ID: <20020715134200.A91754@iguana.icir.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG


[Bcc to -stable as relevant there]

As the subject says, the latest patches to run ipfw2 on -stable are at

	http://info.iet.unipi.it/~luigi/ipfw2.stable.020715.diffs

They rely on the code that I have committed to -stable last week,
and replicate the functionality  that is available in -current in
the CVS repository.

This version fixes all bugs reported so far (which were limited to
minor problems in the userland code, and alignment issues on 64-bit
architectures) and implements keepalives to prevent dynamic rules
from expiring when your session is idle for longer than the timeout.

Once you have patched your source tree, you need to add

	options	IPFW2

to your kernel config file to have the new functionality available,
otherwise you will still use the old ipfw code.

You also need to recompile /sbin/ipfw.

Note that this patch *does not* update libalias (I will add
patches for that in the next version of the code).

(For the curious, ipfw2 is a nickname for the new firewall code
which is in -current.  It is much faster and more flexible than the
old one, and implements the old ipfw syntax as a subset, so your
existing configuration files should work unmodified -- and if they
don't, please report the rule(s) where it chokes so i can fix that).

	cheers
	luigi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message