RELENG_5 kernel b0rken with IPFIREWALL and without PFIL_HOOKS
John Baldwin
jhb at FreeBSD.org
Thu Aug 19 09:53:00 PDT 2004
On Thursday 19 August 2004 12:18 pm, Jonathan T. Sage wrote:
> Barney Wolff wrote:
> > Sure, invoking ipfw directly works fine when ipfw's compiled into the
> > kernel, as does dotting /etc/rc.firewall. But /etc/rc.d/ipfw is what's
> > run at boot time, and that would seem, at least as I read it, to require
> > that ipfw be a module, not compiled in.
>
> no, it dosn't, kinda.
>
> if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
>
> if the sysctl item net.inet.ip.fw.enable does NOT exist, then try and
> load the module. otherwise, return 0 (all ok)
>
> if ! kldload ipfw; then
> warn unable to load firewall module.
> return 1
> fi
> fi
>
> it is failing because the net.inet.ip.fw.enable sysctl was removed. the
> script needs to be updated to rely on one of the still existing sysctls.
> as of right now, with no edits, the script cannot complete succesfully
> unless ipfw is left as a module. No doubt this will be fixed shortly.
Does it work ok if you change it to be 'net.inet.ip.fw'?
--
John Baldwin <jhb at FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve" = http://www.FreeBSD.org
More information about the freebsd-current
mailing list