Re: IPFW and/or rc rule parsing not working since today's cvsup

From: Matt <matt_at_xtaz.co.uk>
Date: Sun, 13 Jul 2003 13:31:07 +0100 (BST)
Matt said:
> I normally sync to current once a week and have just done it today:
>
> FreeBSD tao.xtaz.co.uk 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Sun Jul 13
> 12:24:40 BST 2003     root_at_shakira.xtaz.co.uk:/usr/obj/usr/src/sys/TAO
> i386
>
> The problem is though that it looks like IPFW or RC has changed how it
> works. I'm not sure if this is intentional or not though. If it is
> intentional then I think it is a violation of POLA.
>
> The problem I have is this. In rc.conf I have the following:
>
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="/etc/ipfw.conf"
>
> And in /etc/ipfw.conf I have sets of rules one line at a time like:
>
> add 00010 divert natd all from any to any via xl0
> add 00120 allow tcp from any to any 80 via xl0
>
> etc.
>
> This has always worked for me ever since I first started using ipfw on
> fbsd 4.1 and has always worked on current until today's cvsup. Now though
> no rules get loaded.
>
> If I try what I have always done in the past which is ipfw -q flush &&
> ipfw /etc/ipfw.conf then it tells me:
>
> usage: ipfw [options]
> do "ipfw -h" or see ipfw manpage for details
>
> Whereas before this week this worked perfectly. The /etc/rc.firewall still
> says that you can set a filename for the firewall_type so I assume this
> should still work as in fact just broken rather than a POLA.
>
> I definatly mergemaster'd everything that had changed properly. In fact I
> have even just run it again in case I missed something and everything is
> up to date.
>
> Any comments?
>
> Regards, Matt.
>
> --
> email: matt_at_xtaz.co.uk - web: http://xtaz.co.uk/
> Hardware, n.: The parts of a computer system that can be kicked.

I have noticed that there have been a large number of ipfw commits this
week in the cvs logs and so I believe this could be related. I am
therefore emailing this direct to luigi as hopefully he can help :)

-- 
email: matt_at_xtaz.co.uk - web: http://xtaz.co.uk/
Hardware, n.: The parts of a computer system that can be kicked.
Received on Sun Jul 13 2003 - 03:31:09 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:14 UTC