Ruslan Ermilov wrote:
> On Thu, Aug 19, 2004 at 11:43:34AM -0400, Barney Wolff wrote:
>
>>I was inspired by the PFIL_HOOKS discussion to check my firewall rules :)
>>There were none, other than 65535. Apparently, /etc/rc.d/ipfw attempts
>>to kldload ipfw, which will fail if ipfw is compiled into the kernel,
>>and since the precmd failed, the _cmd will not be run. When did it
>>become mandatory to have ipfw as a module, not compiled in? Is there
>>some rationale for this? It strikes me as rather dangerous, especially
>>for firewalls, especially when default-to-accept is chosen. Am I just
>>confused, and missing some obvious bit of config?
>>
>>Is it relevant that my /usr is on vinum, and the rules are in /usr/local/etc?
>>
>
> net.inet.ip.fw.enable is gone, and it upsets /etc/rc.d/ipfw.
> I asked Andre to follow up on this.
>
>
> Cheers,

this in mind, changing

    ipfw_precmd()
    {
        if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
            if ! kldload ipfw; then
                warn unable to load firewall module.
                return 1
            fi
        fi
    }

to something along the lines of:

    ipfw_precmd()
    {
        if ! ${SYSCTL} net.inet.ip.fw > /dev/null 2>&1; then
            if ! kldload ipfw; then
                warn unable to load firewall module.
                return 1
            fi
        fi
    }

should correct the problem until the script maintainer has a chance to
take a look at exactly what he/she may want to do.

hope this helps

~j

--
Jonathan T. Sage
Theatrical Lighting / Set Designer
Professional Web Design

"He said he likes me, but he's not in-like with me."- Connie, King of the Hill

[HTTP://www.JTSage.com] [HTTP://design.JTSage.com]
[sagejona_at_msu.edu] [See Headers for Contact Info]
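Added example, not part of the original message and not the FreeBSD rc.d script: a precmd-style check that treats a failed kldload as fatal only when ipfw is still absent afterwards, so a compiled-in ipfw does not cause the rules to be skipped. The helper names ipfw_present and ipfw_precmd_checked are hypothetical, and the second probe assumes a kldstat that supports -q -m.

```shell
# Commands are overridable so the logic can be exercised away from a FreeBSD
# box (assumption of this example; rc.subr normally sets SYSCTL).
: "${SYSCTL:=sysctl}" "${KLDSTAT:=kldstat}" "${KLDLOAD:=kldload}"

# ipfw_present: succeed if ipfw is in the running kernel, whether it was
# compiled in or loaded as a module.
ipfw_present()
{
    # Probe the whole subtree rather than one leaf that may be removed.
    ${SYSCTL} net.inet.ip.fw > /dev/null 2>&1 && return 0
    # Second, independent signal: the kernel's registered module list.
    ${KLDSTAT} -q -m ipfw > /dev/null 2>&1 && return 0
    return 1
}

# ipfw_precmd_checked: return 0 only when the rules can actually be loaded.
ipfw_precmd_checked()
{
    ipfw_present && return 0
    if ! ${KLDLOAD} ipfw > /dev/null 2>&1; then
        # kldload also fails when ipfw is already in the kernel, so
        # re-check presence before declaring failure.
        if ! ipfw_present; then
            echo "unable to load firewall module." >&2
            return 1
        fi
    fi
    # Loaded, or found on re-check: confirm before the rules are run.
    ipfw_present
}
```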