Date: Wed, 17 Oct 2001 12:21:51 -0500 From: "Stephen Hilton" <nospam@hiltonbsd.com> To: "FreeBSD Security" <freebsd-security@FreeBSD.ORG> Subject: how-to install ipf3.4-current on FreeBSD 4.4-stable Message-ID: <KPEMJADBBBFPDEDOIOMBCEOHDDAA.nospam@hiltonbsd.com>
next in thread | raw e-mail | index | archive | help
What is the correct procedure to update a FreeBSD 4.4-release or 4.4-stable system with the latest ipf3.4-current.tgz build. Something like this procedure ?: Get source file ipf3.4-current.tgz http://coombs.anu.edu.au/~avalon/ipf3.4-current.tgz untar in a new workdir: # tar -xvpzf ipf3.4-current.tgz # chown -R root.wheel ipf3.4-current # mv -i ipf3.4-current /usr/src/contrib/ # cd /usr/src/contrib/ # mv -i ipfilter ipfilter.orig # ln -s ipf3.4-current ipfilter # cd ipfilter # ./FreeBSD-4.0/kinstall (this is the step I am really wondering about) Customize your kernel, make sure it contains: options IPFILTER #ipfilter support options IPFILTER_LOG #ipfilter logging And optionally if you desire add: options IPFILTER_DEFAULT_BLOCK #block all packets by default options IPSTEALTH #support for stealth forwarding Then run through the build/install kernel/world mergemaster procedures http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html On a related note, is this shell script still correct for updating the userland parts of ipf without a whole buildworld procedure, or have things changed under FreeBSD 4.4 The script worked well for me under FreeBSD release 4.3, and was created, I believe, by Mr. Cy Schubert ---------------snip------------------ #!/bin/sh - # /root/bin/build_ipf_only.sh # (shell script to build and install userland portions of ipf) # (a kernel config and rebuild is also necessary as a separate step) # DIRS='/usr/src/sbin/ipf /usr/src/sbin/ipfstat /usr/src/sbin/ipmon /usr/src/sbin/ipnat /usr/src/usr.sbin/ipftest /usr/src/usr.sbin/ipresend /usr/src/usr.sbin/ipsend /usr/src/usr.sbin/iptest /sys/modules/ipfilter' DIRS='/usr/src/sbin/ipf /usr/src/sbin/ipfstat /usr/src/sbin/ipmon /usr/src/sbin/ipnat /usr/src/usr.sbin/ipftest /usr/src/usr.sbin/ipresend /usr/src/usr.sbin/ipsend /usr/src/usr.sbin/iptest' error() { echo $@ echo terminating abnormally exit 1 } echo for I in $DIRS; do echo "***** $I *****" echo cd $I || error cannot cd to $I make cleandir || error make clean failed # we do this twice in case there is any cruft in /usr/src itself make cleandir || error make clean failed make obj || error make obj failed make || error make failed make install cleandir || error make install failed echo done echo `basename $0` finished successfully ---------------snip------------------ Thanks for any help, Stephen Hilton nospam@hiltonbsd.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?KPEMJADBBBFPDEDOIOMBCEOHDDAA.nospam>