IPFIREWALL_DEFAULT_TO_ACCEPT becomes default to deny
Peter Jeremy
peterjeremy at optushome.com.au
Mon Feb 9 01:23:59 PST 2004
On Mon, Feb 09, 2004 at 08:32:36AM +0100, Gogh, Ruben van wrote:
>Last Friday I upgraded to 4.8-RELEASE-p15. As usual I set IPFIREWALL to
>default accept in my kernel config file.
>config & make weren't complaining so, installed the kernel, reboot and there
>it was:
>>IP packet filtering initialized, divert disabled, rule-based forwarding
>enabled, default to deny, logging disabled
>Output of ipfw show:
>65535 0 0 deny ip from any to any
This means IPFIREWALL_DEFAULT_TO_ACCEPT is not defined when
/sys/netinet/ip_fw.c is compiled.
Do you have "options INCLUDE_CONFIG_FILE"? If so, does
"options IPFIREWALL_DEFAULT_TO_ACCEPT" show up in your kernel?
Does /usr/obj/usr/src/sys/<<KERNELNAME>>/opt_ipfw.h or
/sys/compile/<<KERNELNAME>>/opt_ipfw.h include the lines:
#define IPFIREWALL 1
#define IPFIREWALL_DEFAULT_TO_ACCEPT 1
Does the kernelname in your dmesg.boot match your expected config?
Have you wiped /usr/obj[/usr/src/sys/<<KERNELNAME>>] or /sys/compile
and re-built the kernel?
Have you tried wiping /usr/src[/sys], re-extracting/cvsuping and re-building?
>There are no such things as settings in rc.conf like firewall_type="closed"
>or whatsoever. When I boot up with the older kernel it uses default to
>accept...
What version is this kernel?
>I triple checked the config file for the right settings. And, as I did
>config && make depend && make install the system
>wasn't complaining about a thing.
I gather from this that you are using the "old" kernel build strategy.
You are aware that this is missing a step: Neither "make depend" nor
"make install" actually compiles the kernel. You need to do a "make"
in between.
Peter
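
The checks listed in the reply above (what the generated opt_ipfw.h contains versus what the booted kernel announced) can be scripted. This is an added example, not part of the original message: the function names are hypothetical, the sample files are constructed, and the "default to accept" boot wording is assumed by analogy with the quoted "default to deny" line.

```shell
# Added example: compare the options a kernel build directory was generated
# with against what the booted kernel reported. Sample data is constructed.

# Print "accept", "deny" or "absent" for a generated opt_ipfw.h.
ipfw_opt_state() {
    [ -r "$1" ] || { echo absent; return 0; }
    if grep -Eq '^#define[[:space:]]+IPFIREWALL_DEFAULT_TO_ACCEPT[[:space:]]+1' "$1"; then
        echo accept
    elif grep -Eq '^#define[[:space:]]+IPFIREWALL[[:space:]]+1' "$1"; then
        echo deny
    else
        echo absent
    fi
}

# Print the default policy the booted kernel announced ("accept", "deny",
# or "unknown" when no ipfw initialisation line is present).
ipfw_boot_state() {
    line=$(grep 'IP packet filtering initialized' "$1" 2>/dev/null | tail -n 1)
    case "$line" in
        *"default to accept"*) echo accept ;;
        *"default to deny"*)   echo deny ;;
        *)                     echo unknown ;;
    esac
}

# Combine both: a mismatch means the running kernel was not compiled
# from the options in that build directory.
ipfw_diagnose() {
    opt=$(ipfw_opt_state "$1"); boot=$(ipfw_boot_state "$2")
    if [ "$opt" = absent ] || [ "$boot" = unknown ]; then
        echo "inconclusive opt=$opt boot=$boot"
    elif [ "$opt" = "$boot" ]; then
        echo "consistent $boot"
    else
        echo "mismatch opt=$opt boot=$boot"
    fi
}

# Constructed sample files mirroring the case in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '#define IPFIREWALL 1\n#define IPFIREWALL_DEFAULT_TO_ACCEPT 1\n' > "$d/opt_ipfw.h"
    printf '%s\n' 'IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled' > "$d/dmesg.boot"
    ipfw_diagnose "$d/opt_ipfw.h" "$d/dmesg.boot"
    rm -rf "$d"
}
demo
```

On a real system the two arguments would be the opt_ipfw.h in the kernel build directory and the saved boot messages file; a "mismatch" result points at a kernel that was installed without being recompiled or at booting a different kernel than expected.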