From: "Stephen Hilton"
To: "FreeBSD Security"
Subject: how-to install ipf3.4-current on FreeBSD 4.4-stable
Date: Wed, 17 Oct 2001 12:21:51 -0500

What is the correct procedure to update a FreeBSD 4.4-release or 4.4-stable system with the latest ipf3.4-current.tgz build?

Something like this procedure?

Get source file ipf3.4-current.tgz
http://coombs.anu.edu.au/~avalon/ipf3.4-current.tgz

untar in a new workdir:

# tar -xvpzf ipf3.4-current.tgz
# chown -R root.wheel ipf3.4-current
# mv -i ipf3.4-current /usr/src/contrib/
# cd /usr/src/contrib/
# mv -i ipfilter ipfilter.orig
# ln -s ipf3.4-current ipfilter
# cd ipfilter
# ./FreeBSD-4.0/kinstall    (this is the step I am really wondering about)

Customize your kernel, make sure it contains:

options IPFILTER                #ipfilter support
options IPFILTER_LOG            #ipfilter logging

And optionally if you desire add:

options IPFILTER_DEFAULT_BLOCK  #block all packets by default
options IPSTEALTH               #support for stealth forwarding

Then run through the build/install kernel/world mergemaster procedures
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html

On a related note, is this shell script still correct for updating the userland parts of ipf without a whole buildworld procedure, or have things changed under FreeBSD 4.4?

The script worked well for me under FreeBSD release 4.3, and was created, I believe, by Mr.
Cy Schubert

---------------snip------------------
#!/bin/sh -
# /root/bin/build_ipf_only.sh
# (shell script to build and install userland portions of ipf)
# (a kernel config and rebuild is also necessary as a separate step)

# Alternative list that also rebuilds the kernel module:
# DIRS='/usr/src/sbin/ipf /usr/src/sbin/ipfstat /usr/src/sbin/ipmon
#       /usr/src/sbin/ipnat /usr/src/usr.sbin/ipftest /usr/src/usr.sbin/ipresend
#       /usr/src/usr.sbin/ipsend /usr/src/usr.sbin/iptest /sys/modules/ipfilter'
DIRS='/usr/src/sbin/ipf /usr/src/sbin/ipfstat /usr/src/sbin/ipmon
      /usr/src/sbin/ipnat /usr/src/usr.sbin/ipftest /usr/src/usr.sbin/ipresend
      /usr/src/usr.sbin/ipsend /usr/src/usr.sbin/iptest'

# Print the failure message and stop the whole run.
error() {
    echo "$@"
    echo terminating abnormally
    exit 1
}

echo
for I in $DIRS; do
    echo "***** $I *****"
    echo
    cd "$I" || error cannot cd to "$I"
    make cleandir || error make clean failed
    # we do this twice in case there is any cruft in /usr/src itself
    make cleandir || error make clean failed
    make obj || error make obj failed
    make || error make failed
    make install cleandir || error make install failed
    echo
done
echo "$(basename "$0")" finished successfully
---------------snip------------------

Thanks for any help,

Stephen Hilton
nospam@hiltonbsd.com
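
The kernel-option step in the message above, as an added example that is not part of the original post or of the quoted build script: a shell audit of a kernel configuration file for the two required IPFilter options and for IPFILTER_DEFAULT_BLOCK, which decides what happens to packets that match no rule. The function names and the sample config are constructed for illustration; the config file path is whatever you pass as the first argument.

```shell
#!/bin/sh
# Added example: audit a kernel config for the IPFilter options listed above.

# has_option FILE NAME: succeed if an uncommented "options NAME" line exists.
has_option() {
    awk -v want="$2" '
        { sub(/#.*/, "") }              # strip comments, including "#options ..."
        $1 == "options" {
            split($2, kv, "=")          # tolerate NAME=value forms
            if (kv[1] == want) found = 1
        }
        END { exit !found }
    ' "$1"
}

# check_ipf_config FILE: report each option; return 0 only if both required
# options are present, 1 if one is missing, 2 if the file is unreadable.
check_ipf_config() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    for opt in IPFILTER IPFILTER_LOG; do
        if has_option "$conf" "$opt"; then
            echo "ok: $opt"
        else
            echo "MISSING: $opt"
            rc=1
        fi
    done
    # Without IPFILTER_DEFAULT_BLOCK, packets that match no rule are passed.
    if has_option "$conf" IPFILTER_DEFAULT_BLOCK; then
        echo "policy: default block"
    else
        echo "policy: default pass"
    fi
    return $rc
}

# Constructed sample config: IPFILTER_LOG is commented out on purpose.
sample_conf() {
    cat <<'EOF'
machine		i386
options 	IPFILTER		#ipfilter support
#options 	IPFILTER_LOG		#ipfilter logging
options 	IPSTEALTH		#support for stealth forwarding
EOF
}

[ $# -eq 0 ] || check_ipf_config "$1"
```

Run it against the kernel config before the rebuild; a "default pass" result means the ruleset itself has to end with an explicit block rule.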