4.8 ipfilter ruleset compatibility question

John Murphy jfm at blueyonder.co.uk
Mon Apr 7 05:23:16 PDT 2003


John Murphy <jfm at blueyonder.co.uk> wrote:

>I've upgraded from 4.4 to 4.8 release by re-installation and then copying:
>/etc/rc.conf and the usual others from the old drive to the new.  Including
>the old, previously working, ipf.rules and ipnat.rules.

Solved.  Previous to 4.5 rc.conf required:
ipfilter_program="/sbin/ipf -Fa -f"
ipnat_program="/sbin/ipnat -CF -f"

Whereas post-4.5 only:
ipfilter_program="/sbin/ipf"
ipnat_program="/sbin/ipnat"

is required to start ipfilter and ipnat.

With 4.8 _and_ the flags all packets were passed regardless of the rules
and ipfstat showed no packets blocked.  Without the flags everything
seems to work as before.

John.
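
Added example, not part of the original post: a small sh lint that flags the pre-4.5 form of `ipfilter_program` / `ipnat_program` in an rc.conf-style file, the setting the post above reports left 4.8 passing all packets. The function names `rc_value` and `check_ipf_rc` and the simplified sed-based parsing are assumptions of this example, and the sample input is constructed from the lines quoted in the post.

```shell
#!/bin/sh
# Added example: lint an rc.conf-style file for *_program values that embed flags.

# Print the effective value of variable $1 in file $2.
# Assumption: simple VAR="value" lines; rc.conf is sourced by sh, so the
# last assignment wins. Commented-out lines are ignored.
rc_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' \
            -e 's/^"\(.*\)"$/\1/' \
            -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 if both settings are a bare path (or unset), 1 otherwise.
check_ipf_rc() {
    file=$1
    status=0
    for var in ipfilter_program ipnat_program; do
        val=$(rc_value "$var" "$file")
        case $val in
            '') ;;                       # not set in this file
            *[[:space:]]*)
                echo "$file: $var=\"$val\" embeds flags (pre-4.5 style)"
                status=1 ;;
        esac
    done
    return $status
}

# Demo on constructed input: the pre-4.5 lines quoted in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ipfilter_program="/sbin/ipf -Fa -f"
ipnat_program="/sbin/ipnat -CF -f"
EOF
check_ipf_rc "$sample" || echo "remove the flags from the settings listed above"
rm -f "$sample"
```

On the running system, `ipfstat -io` lists the filter rules actually loaded and `ipnat -l` the NAT mappings, which confirms whether the rules files were read.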

