cvs commit: src/sys/conf files options src/sys/modules/ipfw Makefile src/sys/net bridge.c src/sys/netgraph ng_bridge.c src/sys/netinet ip_fw_pfil.c ip_input.c ip_output.c ...

Nate Lawson nate at root.org
Thu Aug 19 09:47:31 PDT 2004


Andre Oppermann wrote:
> Nate Lawson wrote:
> 
>>John Birrell wrote:
>>
>>>On Tue, Aug 17, 2004 at 10:05:54PM +0000, Andre Oppermann wrote:
>>>
>>>
>>>>andre       2004-08-17 22:05:54 UTC
>>>>
>>>> FreeBSD src repository
>>>>
>>>> Modified files:
>>>>   sys/conf             files options
>>>>   sys/modules/ipfw     Makefile
>>>>   sys/net              bridge.c
>>>>   sys/netgraph         ng_bridge.c
>>>>   sys/netinet          ip_divert.c ip_dummynet.c ip_dummynet.h
>>>>                        ip_fastfwd.c ip_fw.h ip_fw2.c ip_input.c
>>>>                        ip_output.c ip_var.h raw_ip.c tcp_input.c
>>>>                        tcp_sack.c
>>>>   sys/sys              mbuf.h
>>>> Added files:
>>>>   sys/netinet          ip_fw_pfil.c
>>>
>>>
>>>A kernel config file which includes IPFIREWALL, but not PFIL_HOOKS will
>>>not link (for obvious reasons).
>>>
>>>Also, the script /etc/rc.d/ipfw tests the 'enable' sysctl which is removed
>>>by this commit. The result is that if a kernel is booted with ipfw built
>>>in, the /etc/rc.d/ipfw script tries to load the ipfw module. The module
>>>load fails (for obvious reasons), causing the ipfw initialisation to fail
>>>leaving the firewall in the deny-everything mode regardless of what is
>>>configured in /etc/rc.conf.
>>>
>>>This is an issue for 5.3. [ I assume re@ are reading this list ]
>>
>>I've been bitten by both.  Actually, ipfw.ko won't load into a kernel
>>built without PFIL_HOOKS.  The duplicate load attempt also happens to me.
> 
> 
> I'm looking into this and will have a fix later today.

Thanks, Andre.

-Nate


