Date: Thu, 19 Aug 2004 13:08:54 +1000
From: John Birrell
To: Andre Oppermann
cc: cvs-src@FreeBSD.org
cc: src-committers@FreeBSD.org
cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/conf files options src/sys/modules/ipfw Makefile src/sys/net bridge.c src/sys/netgraph ng_bridge.c src/sys/netinet ip_divert.c ip_dummynet.c ip_dummynet.h ip_fastfwd.c ip_fw.h ip_fw2.c ip_fw_pfil.c ip_input.c ip_output.c ...
Message-ID: <20040819030854.GM99521@freebsd3.cimlogic.com.au>
In-Reply-To: <200408172205.i7HM5sDs087606@repoman.freebsd.org>

On Tue, Aug 17, 2004 at 10:05:54PM +0000, Andre Oppermann wrote:
> andre       2004-08-17 22:05:54 UTC
>
>   FreeBSD src repository
>
>   Modified files:
>     sys/conf             files options
>     sys/modules/ipfw     Makefile
>     sys/net              bridge.c
>     sys/netgraph         ng_bridge.c
>     sys/netinet          ip_divert.c ip_dummynet.c ip_dummynet.h
>                          ip_fastfwd.c ip_fw.h ip_fw2.c ip_input.c
>                          ip_output.c ip_var.h raw_ip.c tcp_input.c
>                          tcp_sack.c
>     sys/sys              mbuf.h
>   Added files:
>     sys/netinet          ip_fw_pfil.c

A kernel config file which includes IPFIREWALL, but not PFIL_HOOKS will not
link (for obvious reasons).

Also, the script /etc/rc.d/ipfw tests the 'enable' sysctl which is removed
by this commit. The result is that if a kernel is booted with ipfw built in,
the /etc/rc.d/ipfw script tries to load the ipfw module. The module load
fails (for obvious reasons), causing the ipfw initialisation to fail leaving
the firewall in the deny-everything mode regardless of what is configured in
/etc/rc.conf.

This is an issue for 5.3. [ I assume re@ are reading this list ]

--
John Birrell