Date: Tue, 28 May 2002 14:37:53 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: Irwan Hadi <irwanhadi@phxby.com>, Jeff Jirsa <jeff@boris.st.hmc.edu>, Irwan Hadi <irwanhadi@phxby.com>, freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG Subject: Re: Server won't boot after recompile the kernel with ipfw support Message-ID: <200205282137.g4SLbrun025037@apollo.backplane.com> References: <20020528142640.A22370@phxby.com> <20020528133316.S16405-100000@boris.st.hmc.edu> <20020528150941.A24676@phxby.com> <200205282131.g4SLVmYZ024980@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Oh, I forgot to mention. A very common mistake when upgrading a system is to install a new kernel without installing a new world, or to install a new world without installing a new kernel. This can create a situation where the machine is unable to add any firewall rules, resulting in the network being permanently disabled. This occurs when the kernel structures used by the 'ipfw' binary are incompatible with the structures the running kernel expects. It is very important when upgrading a machine to install both a new kernel AND A new world before rebooting. Alternatively if you compile a custom kernel and set the IPFIREWALL_DEFAULT_TO_ACCEPT option in addition to the IPFIREWALL option, then at least the kernel will boot into a default state that allows the network to work, even if the ipfw binary is broken. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200205282137.g4SLbrun025037>