cvs commit: src/sys/conf files options
src/sys/modules/ipfwMakefile ip_divert.cip_input.c ip_output.c ...
Nate Lawson
nate at root.org
Wed Aug 18 21:11:28 PDT 2004
John Birrell wrote:
> On Tue, Aug 17, 2004 at 10:05:54PM +0000, Andre Oppermann wrote:
>
>>andre 2004-08-17 22:05:54 UTC
>>
>> FreeBSD src repository
>>
>> Modified files:
>> sys/conf files options
>> sys/modules/ipfw Makefile
>> sys/net bridge.c
>> sys/netgraph ng_bridge.c
>> sys/netinet ip_divert.c ip_dummynet.c ip_dummynet.h
>> ip_fastfwd.c ip_fw.h ip_fw2.c ip_input.c
>> ip_output.c ip_var.h raw_ip.c tcp_input.c
>> tcp_sack.c
>> sys/sys mbuf.h
>> Added files:
>> sys/netinet ip_fw_pfil.c
>
>
> A kernel config file which includes IPFIREWALL, but not PFIL_HOOKS will
> not link (for obvious reasons).
>
> Also, the script /etc/rc.d/ipfw tests the 'enable' sysctl which is removed
> by this commit. The result is that if a kernel is booted with ipfw built
> in, the /etc/rc.d/ipfw script tries to load the ipfw module. The module
> load fails (for obvious reasons), causing the ipfw initialisation to fail
> leaving the firewall in the deny-everything mode regardless of what is
> configured in /etc/rc.conf.
>
> This is an issue for 5.3. [ I assume re@ are reading this list ]
I've been bitten by both. Actually, ipfw.ko won't load into a kernel
built without PFIL_HOOKS. The duplicate load attempt also happens to me.
-Nate
More information about the cvs-src
mailing list