cvs commit: src/sys/conf files options src/sys/modules/ipfw Makefile src/sys/net bridge.c src/sys/netgraph ng_bridge.c src/sys/netinet ip_divert.c ip_dummynet.c ip_dummynet.h ip_fastfwd.c ip_fw.h ip_fw2.c ip_fw_pfil.c ip_input.c ip_output.c ...

[John Birrell]

On Tue, Aug 17, 2004 at 10:05:54PM +0000, Andre Oppermann wrote:
> andre       2004-08-17 22:05:54 UTC
> 
>   FreeBSD src repository
> 
>   Modified files:
>     sys/conf             files options 
>     sys/modules/ipfw     Makefile 
>     sys/net              bridge.c 
>     sys/netgraph         ng_bridge.c 
>     sys/netinet          ip_divert.c ip_dummynet.c ip_dummynet.h 
>                          ip_fastfwd.c ip_fw.h ip_fw2.c ip_input.c 
>                          ip_output.c ip_var.h raw_ip.c tcp_input.c 
>                          tcp_sack.c 
>     sys/sys              mbuf.h 
>   Added files:
>     sys/netinet          ip_fw_pfil.c 

A kernel config file which includes IPFIREWALL, but not PFIL_HOOKS will
not link (for obvious reasons).

Also, the script /etc/rc.d/ipfw tests the 'enable' sysctl which is removed
by this commit. The result is that if a kernel is booted with ipfw built
in, the /etc/rc.d/ipfw script tries to load the ipfw module. The module
load fails (for obvious reasons), causing the ipfw initialisation to fail
leaving the firewall in the deny-everything mode regardless of what is
configured in /etc/rc.conf.

This is an issue for 5.3. [ I assume re@ are reading this list ]

-- 
John Birrell