Date: Wed, 11 Aug 2004 17:54:23 -0400 (EDT)
From: Robert Watson <rwatson@freebsd.org>
To: Randy Bush <randy@psg.com>
Cc: FreeBSD Current <freebsd-current@freebsd.org>
Subject: Re: ipfw
Message-ID: <Pine.NEB.3.96L.1040811175316.28766B-100000@fledge.watson.org>
In-Reply-To: <16666.37963.904734.842647@ran.psg.com>

On Wed, 11 Aug 2004, Randy Bush wrote:

> ipfw seems to be starting in some strange state where it has loaded my
> ruleset but does not really process it. everything ends up in
> unreachable. if i run `ipfw -q /etc/ipfw.rules`, the same command set
> that's in /etc/rc.conf, it takes off as expected.

The recent addition of O_ANTISPOOF renumbered the IPFW rule operations, so
if you're using a newer kernel and an older user space, /sbin/ipfw will
think the rules mean one thing, but the kernel will think they mean
another. The miscreant has been convinced that this is a bad idea (always
append!) but since the damage was done we decided not to thrash the
operator numbers again.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research
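
The kernel/userland mismatch described in the reply above, as an added example that is not part of the original message or of the ipfw source. The opcode tables and the sample rule are constructed for illustration; only the name O_ANTISPOOF comes from the message.

```c
#include <stdio.h>
#include <string.h>

/* Constructed opcode tables; only O_ANTISPOOF is a name from the message. */
/* What an older /sbin/ipfw was compiled against. */
static const char *const old_user[] = { "O_NOP", "O_SRC", "O_DST", "O_ACCEPT", "O_DENY" };
/* Newer kernel with the new opcode inserted mid-list. */
static const char *const kern_inserted[] = { "O_NOP", "O_SRC", "O_ANTISPOOF", "O_DST", "O_ACCEPT", "O_DENY" };
/* Newer kernel with the new opcode appended. */
static const char *const kern_appended[] = { "O_NOP", "O_SRC", "O_DST", "O_ACCEPT", "O_DENY", "O_ANTISPOOF" };
/* Constructed rule, as the opcodes userland intends. */
static const char *const rule[] = { "O_SRC", "O_DST", "O_ACCEPT" };

#define COUNT(t) ((int)(sizeof(t) / sizeof((t)[0])))

/* Userland side: the number the old binary writes for an opcode name. */
static int encode_old(const char *name)
{
    for (int i = 0; i < COUNT(old_user); i++)
        if (strcmp(old_user[i], name) == 0)
            return i;
    return -1;
}

/* Kernel side: count rule opcodes that decode to a different name. */
int count_misread(const char *const *kern, int nkern)
{
    int bad = 0;
    for (int i = 0; i < COUNT(rule); i++) {
        int num = encode_old(rule[i]);
        const char *seen = (num >= 0 && num < nkern) ? kern[num] : "(invalid)";
        if (strcmp(seen, rule[i]) != 0) {
            printf("  %d: userland meant %s, kernel reads %s\n", num, rule[i], seen);
            bad++;
        }
    }
    return bad;
}

int misread_inserted(void) { return count_misread(kern_inserted, COUNT(kern_inserted)); }
int misread_appended(void) { return count_misread(kern_appended, COUNT(kern_appended)); }

int main(void)
{
    printf("inserted mid-list: %d opcode(s) misread\n", misread_inserted());
    printf("appended at end:   %d opcode(s) misread\n", misread_appended());
    return 0;
}
```

With the insertion, every opcode numbered at or above the new entry is decoded as its neighbour, so a loaded ruleset can list correctly in one tool and filter differently in the kernel; with the append, the old binary's numbers keep their meaning.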