Date: Sun, 13 Jul 2003 10:41:48 -0700
From: Luigi Rizzo
To: Matt
Cc: current@FreeBSD.org
Subject: Re: IPFW and/or rc rule parsing not working since today's cvsup
Message-ID: <20030713104148.A74162@xorpc.icir.org>
List-Id: Discussions about the use of FreeBSD-current

thanks for pointing out -- it turns out that by mistake i have
changed the handling of blank lines in ipfw configs.
I will restore the old behaviour ASAP (it's a trivial 1-2 line change).

	cheers
	luigi

On Sun, Jul 13, 2003 at 01:31:07PM +0100, Matt wrote:
>
> Matt said:
> > I normally sync to current once a week and have just done it today:
> >
> > FreeBSD tao.xtaz.co.uk 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Sun Jul 13
> > 12:24:40 BST 2003 root@shakira.xtaz.co.uk:/usr/obj/usr/src/sys/TAO
> > i386
> >
> > The problem is though that it looks like IPFW or RC has changed how it
> > works. I'm not sure if this is intentional or not though. If it is
> > intentional then I think it is a violation of POLA.
> >
> > The problem I have is this. In rc.conf I have the following:
> >
> > firewall_enable="YES"
> > firewall_script="/etc/rc.firewall"
> > firewall_type="/etc/ipfw.conf"
> >
> > And in /etc/ipfw.conf I have sets of rules one line at a time like:
> >
> > add 00010 divert natd all from any to any via xl0
> > add 00120 allow tcp from any to any 80 via xl0
> >
> > etc.
> >
> > This has always worked for me ever since I first started using ipfw on
> > fbsd 4.1 and has always worked on current until today's cvsup. Now though
> > no rules get loaded.
> >
> > If I try what I have always done in the past which is ipfw -q flush &&
> > ipfw /etc/ipfw.conf then it tells me:
> >
> > usage: ipfw [options]
> > do "ipfw -h" or see ipfw manpage for details
> >
> > Whereas before this week this worked perfectly. The /etc/rc.firewall still
> > says that you can set a filename for the firewall_type so I assume this
> > should still work as in fact just broken rather than a POLA.
> >
> > I definitely mergemaster'd everything that had changed properly. In fact I
> > have even just run it again in case I missed something and everything is
> > up to date.
> >
> > Any comments?
> >
> > Regards, Matt.
> >
> > --
> > email: matt@xtaz.co.uk - web: http://xtaz.co.uk/
> > Hardware, n.: The parts of a computer system that can be kicked.
>
> I have noticed that there have been a large number of ipfw commits this
> week in the cvs logs and so I believe this could be related. I am
> therefore emailing this direct to luigi as hopefully he can help :)
>
> --
> email: matt@xtaz.co.uk - web: http://xtaz.co.uk/
> Hardware, n.: The parts of a computer system that can be kicked.
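
A post-load check for the failure described in this thread (a parser change leaving the rules file unloaded), as an added example that is not part of the original messages or of FreeBSD: it compares the rule numbers declared by `add NNNNN` lines in a rules file with those in saved `ipfw list` output. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: find rules declared in an ipfw rules file that are absent
# from saved `ipfw list` output. Function names are hypothetical.

# Rule numbers declared by "add NNNNN ..." lines. Comments and blank lines
# are skipped here, independently of how the ipfw parser treats them.
# Rules added without an explicit number are not checked.
declared_rules() {
    awk '
        { sub(/#.*/, "") }
        NF == 0 { next }
        $1 == "add" && $2 ~ /^[0-9]+$/ { printf "%05d\n", $2 }
    ' "$1" | sort -u
}

# Rule numbers found in `ipfw list` output read from stdin.
loaded_rules() {
    awk '$1 ~ /^[0-9]+$/ { printf "%05d\n", $1 }' | sort -u
}

# $1 = rules file, $2 = file holding `ipfw list` output.
# Prints each declared rule number that is not loaded.
missing_rules() {
    decl=$(mktemp) && load=$(mktemp) || return 2
    declared_rules "$1" > "$decl"
    loaded_rules < "$2" > "$load"
    comm -23 "$decl" "$load"
    rm -f "$decl" "$load"
}

# Constructed sample: two rules separated by a blank line, and a listing
# that holds only the default rule, i.e. nothing from the file was loaded.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'add 00010 divert natd all from any to any via xl0' '' \
        'add 00120 allow tcp from any to any 80 via xl0' > "$d/ipfw.conf"
    printf '%s\n' '65535 deny ip from any to any' > "$d/loaded"
    missing_rules "$d/ipfw.conf" "$d/loaded"
    rm -rf "$d"
}

demo
```

On a live host, save `ipfw list` to a file after the firewall script has run and pass it as the second argument; any output means the ruleset in the kernel differs from the file.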