I upgraded a remote dedicated server from 5.1 to 5.3-BETA1 today with a step by step procedure described in /usr/src/Makefile and everything went ok. Well, almost. I compiled the kernel (took the GENERIC conf from 5.3, so options PFIL_HOOKS is already there) with:

    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=100

put firewall_enable="YES", firewall_type="open" in rc.conf, rebooted and locked myself out (world and kernel are in sync, before someone asks). After I could access the box again I tried to see what was wrong:

    root_at_wesside:~# ipfw show
    00100 0 0 allow ip from any to any
    65535 0 0 deny ip from any to any
    root_at_wesside:~# ping yahoo.com
    PING yahoo.com (66.94.231.98): 56 data bytes
    64 bytes from 66.94.231.98: icmp_seq=0 ttl=58 time=3.324 ms
    64 bytes from 66.94.231.98: icmp_seq=1 ttl=54 time=5.138 ms
    64 bytes from 66.94.231.98: icmp_seq=2 ttl=58 time=3.671 ms
    ^C
    --- yahoo.com ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 3.324/4.044/5.138/0.786 ms
    root_at_wesside:~# ipfw show
    00100 0 0 allow ip from any to any
    65535 0 0 deny ip from any to any

Why aren't the packet and byte counters increased?

Since the firewall was totally unresponsive to any ruleset changes I removed the above options from the kernel and decided to try the module instead. With firewall_type="open" left in rc.conf (but firewall_enable changed to "NO") I executed `kldload /boot/kernel/ipfw.ko && sh /etc/rc.firewall ; sleep 100 ; kldunload ipfw ; sleep 200 ; reboot` and locked myself out again.

I don't know what really happened and am still waiting for the reply from the support team of the hosting company, but is it me or is there something wrong with ipfw? Anyone else seeing this? I'd appreciate any pointers.

-Radek

Received on Wed Aug 25 2004 - 20:22:58 UTC