cvs commit: src/sys/conf files options src/sys/modules/ipfw
Makefilesrc/sys/net bridge.c src/sys/netgraph ng_bridge.c
src/sys/netinet ip_divert.cip_dummynet.c ip_dummynet.h ip_fastfwd.c
ip_fw.h ip_fw2.c ip_fw_pfil.c ip_input.cip_output.c ...
Andre Oppermann
andre at freebsd.org
Thu Aug 19 03:10:04 PDT 2004
Nate Lawson wrote:
>
> John Birrell wrote:
> > On Tue, Aug 17, 2004 at 10:05:54PM +0000, Andre Oppermann wrote:
> >
> >>andre 2004-08-17 22:05:54 UTC
> >>
> >> FreeBSD src repository
> >>
> >> Modified files:
> >> sys/conf files options
> >> sys/modules/ipfw Makefile
> >> sys/net bridge.c
> >> sys/netgraph ng_bridge.c
> >> sys/netinet ip_divert.c ip_dummynet.c ip_dummynet.h
> >> ip_fastfwd.c ip_fw.h ip_fw2.c ip_input.c
> >> ip_output.c ip_var.h raw_ip.c tcp_input.c
> >> tcp_sack.c
> >> sys/sys mbuf.h
> >> Added files:
> >> sys/netinet ip_fw_pfil.c
> >
> >
> > A kernel config file which includes IPFIREWALL, but not PFIL_HOOKS will
> > not link (for obvious reasons).
> >
> > Also, the script /etc/rc.d/ipfw tests the 'enable' sysctl which is removed
> > by this commit. The result is that if a kernel is booted with ipfw built
> > in, the /etc/rc.d/ipfw script tries to load the ipfw module. The module
> > load fails (for obvious reasons), causing the ipfw initialisation to fail
> > leaving the firewall in the deny-everything mode regardless of what is
> > configured in /etc/rc.conf.
> >
> > This is an issue for 5.3. [ I assume re@ are reading this list ]
>
> I've been bitten by both. Actually, ipfw.ko won't load into a kernel
> built without PFIL_HOOKS. The duplicate load attempt also happens to me.
I'm looking into this and will have a fix later today.
--
Andre
More information about the cvs-src
mailing list