Re: RELENG_5 kernel b0rken with IPFIREWALL and without PFIL_HOOKS

From: John Baldwin <jhb_at_FreeBSD.org>
Date: Thu, 19 Aug 2004 12:52:30 -0400
On Thursday 19 August 2004 12:18 pm, Jonathan T. Sage wrote:
> Barney Wolff wrote:
> > Sure, invoking ipfw directly works fine when ipfw's compiled into the
> > kernel, as does dotting /etc/rc.firewall.  But /etc/rc.d/ipfw is what's
> > run at boot time, and that would seem, at least as I read it, to require
> > that ipfw be a module, not compiled in.
>
> no, it dosn't, kinda.
>
>          if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
>
> if the sysctl item net.inet.ip.fw.enable does NOT exist, then try and
> load the module.  otherwise, return 0 (all ok)
>
>                  if ! kldload ipfw; then
>                          warn unable to load firewall module.
>                          return 1
>                  fi
>          fi
>
> it is failing because the net.inet.ip.fw.enable sysctl was removed.  the
> script needs to be updated to rely on one of the still existing sysctls.
>   as of right now, with no edits, the script cannot complete succesfully
> unless ipfw is left as a module.  No doubt this will be fixed shortly.

Does it work ok if you change it to be 'net.inet.ip.fw'?

-- 
John Baldwin <jhb_at_FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org
Received on Thu Aug 19 2004 - 14:53:00 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:07 UTC