Date: Thu, 29 Oct 1998 05:10:36 -0500 (EST) From: Open Systems Networking <opsys@mail.webspan.net> To: Darren Reed <avalon@coombs.anu.edu.au> Cc: andrew@squiz.co.nz, freebsd-security@FreeBSD.ORG Subject: Re: IPFW problems... Message-ID: <Pine.BSF.4.02.9810290504040.22650-100000@orion.webspan.net> In-Reply-To: <199810291000.FAA24396@mail.webspan.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 29 Oct 1998, Darren Reed wrote:
> > > Oct 28 15:56:55 pm330 /kernel: ip_fw_ctl: len=104, want 96
> >
> > I had this one when my build world was out of sync with my kernel build.
> > I presume there's been a change since the release (dummynet?) which has
> > changed the size of the data structure passed from ipfw to the kernel.
> >
> > Currently I can't get my 2.2.7 PAO kernel to work with my ipfw
> > (2.2.5-RELEASE source cvsup'ed to 2.2.7-RELEASE). If someone can tell me
> > how to cvsup my source to the original 2.2.7-RELEASE rather than the
> > latest STABLE then I'd be most obliged. The data cost of my link is
> > significant, and I was hoping to wait till 2.2.8 before buying my next CD
> > release.
>
> Just install IP Filter and convert your ruleset :-)
Bingo, you had to rebuild ipfw. This fixes that problem of the wrong
length. Just grab stable source and update ipfw. Problem solved. Did this
have to go into stable?
Darren If I had a dime everytime you have said this the above :-)
While going through the mail archives youll see darren reply to posts
about problems with ipfw and him declaring that ipfw is junk and to
install ipfilter and your problems go away. :-)
Darren you really know how to advocate a peice of code you should be our
mascot for advocacy. I will try ipfilter for another firewall box im
setting up. I like alot of the cool stuff, proxy support etc.. Although I
think ipfw does that not to unless im mistaken, but there is no harm in
trying them both. So ill give ipfilter a shot next time around.
Chris *whos in a pretty odd mood at 4 AM*
--
"You both seem to be ignoring the fact that the networking market is
driven by so-called 'IT professionals' these days, most of whom can't
tell the difference between an ARP and a carp." --Wes Peters
===================================| Open Systems FreeBSD Consulting.
FreeBSD 3.0 is available now! | Phone: (402)573-9124 / ICQ # 20016186
-----------------------------------| 3335 N. 103 Plaza, Omaha, NE 68134
FreeBSD: The power to serve! | E-Mail: opsys@open-systems.net
http://www.freebsd.org | Consulting, Network Engineering, Security
===================================| http://open-systems.net
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02.9810290504040.22650-100000>