rule 00000.

Freddie Cash fjwcash at gmail.com
Wed Apr 7 15:10:35 UTC 2010


2010/4/6 Erich Jenkins, Fuujin Group Ltd <erich at fuujingroup.com>

> Pawel Tyll wrote:
>
>> Unfortunately FreeBSD 8.0-STABLE #0: Mon Apr 5 08:43:58 CEST 2010
>> still has problems.
>>
>> ipfw show:
>> (...)
>> 65534 44262253 27617819701 allow ip from any to any
>> 00001     5335      405460 allow ip from me to any dst-port 123
>> 00000        0           0  ip from any to any
>>
>> Anything I can do to help?
>>
>
> Pawel:
>
> My skin crawled the moment I read this post. Could you provide a bit more
> information about this issue? I manage a very large deployment of FreeBSD
> boxes which are geographically dispersed, and we've started upgrading them
> to the 8.0 release. My default policy is to deny everything but the services
> running, so I generally end with a "deny all" statement, and the last thing
> I want is to lock myself out and have to dispatch a technician...
>
> Is this problem localized to any particular architecture? (we have sparc64,
> amd64 and i386 servers deployed). Is this just the stable branch that's
> affected, or was this bug also in the ISO release? (I deploy via
> NFS/FTP/bootp from internal servers hosting the ISO images).
>

If you read the archives of this list, you'll find that this issue only
applies to 8-STABLE after the 8.0 release.  Thus, if you upgrade to
8.0-RELEASE, you will not run into this problem.

Luigi is doing a bunch of cleanups, refactoring, and updates to the ipfw
code in 8-STABLE/9-CURRENT.  Things are a bit unstable right now, but
getting better with each passing day.

IOW, nothing to worry about unless you have plans to upgrade to 8-STABLE.
 :)

-- 
Freddie Cash
fjwcash at gmail.com
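
A post-upgrade sanity check for the symptom quoted above, added here as an example and not part of the original message or the FreeBSD tree. It assumes plain `ipfw show` output (number, packet count, byte count, rule body); the names `audit`, `BROKEN` and `HEALTHY` are hypothetical, and the action list is a partial copy of the keywords in ipfw(8).

```python
import re

# Action keywords that may begin a rule body, per ipfw(8). Partial list,
# assumed sufficient for this example.
ACTIONS = {
    "allow", "accept", "pass", "permit", "deny", "drop", "reject", "reset",
    "unreach", "count", "check-state", "skipto", "divert", "tee", "fwd",
    "forward", "pipe", "queue", "nat", "netgraph", "ngtee", "setfib", "reass",
}
RULE_LINE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(\S.*)$")


def audit(listing):
    """Return (rule_number, problem) tuples for a block of `ipfw show` output."""
    findings = []
    previous = None
    for line in listing.splitlines():
        match = RULE_LINE.match(line.strip())
        if not match:
            continue  # blank lines and elisions such as "(...)"
        number, body = int(match.group(1)), match.group(4)
        if not 1 <= number <= 65535:
            findings.append((number, "bad-number"))    # valid rules are 1..65535
        if previous is not None and number < previous:
            findings.append((number, "out-of-order"))  # list should be ascending
        if body.split()[0] not in ACTIONS:
            findings.append((number, "no-action"))     # body lacks allow/deny/...
        previous = number
    return findings


# The three rule lines quoted in the thread.
BROKEN = """\
65534 44262253 27617819701 allow ip from any to any
00001     5335      405460 allow ip from me to any dst-port 123
00000        0           0  ip from any to any
"""

# Constructed sample of a well-formed listing, for comparison.
HEALTHY = """\
00100   12   960 allow ip from any to any via lo0
00200    5   400 allow tcp from any to me dst-port 22
65535    0     0 deny ip from any to any
"""

if __name__ == "__main__":
    for number, problem in audit(BROKEN):
        print("%05d: %s" % (number, problem))
```

Running it against the listing from a freshly upgraded host, while the console session is still open, shows whether the rule list has the shape reported here before anyone relies on a closing "deny all".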


More information about the freebsd-ipfw mailing list