I was inspired by the PFIL_HOOKS discussion to check my firewall rules :) There were none, other than 65535. Apparently, /etc/rc.d/ipfw attempts to kldload ipfw, which will fail if ipfw is compiled into the kernel, and since the precmd failed, the _cmd will not be run. When did it become mandatory to have ipfw as a module, not compiled in? Is there some rationale for this? It strikes me as rather dangerous, especially for firewalls, especially when default-to-accept is chosen. Am I just confused, and missing some obvious bit of config? Is it relevant that my /usr is on vinum, and the rules are in /usr/local/etc? Thanks, BarneyReceived on Thu Aug 19 2004 - 13:43:35 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:07 UTC