From nobody Thu Dec 11 20:33:14 2025 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dS46L36S9z6KKC9 for ; Thu, 11 Dec 2025 20:33:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dS46L2MmFz3Ws4 for ; Thu, 11 Dec 2025 20:33:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1765485194; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=k3B4OKiU6GTq18wk5EDCoEz9kQ9Uqweq6SKYwXf3aSM=; b=w89OI8KUan7Sd54dLa9ciyoe4GlodwyWWNydOoedZfHDp18T/gRRoGKcEOcTdH+GdDCj+2 tsG0lCi0ynAnnFd/ORAas3iOz1tAUFTS9E4aeCzRJvSxWbt/DVPbvQKJjdnIW3PUeoMdyw GlKGDHG6M3yMgovUGcDbLigMVRhYKcQtUegpKNvP9M5+aXwlcSpwwogQX+wirHcPTc5APG VSvveKWcMg0qPPsU0NlX6+gzX3pHpMpL4jH4dyPhJrCU9Jz1DNxvvgXyMunBj4p99FAsaf LjcD+nlp6rWxuKjPwR8kkJ2QJuKxA0LaKnPCy3HEkHRvOKWDCJkUyBBCl41s+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1765485194; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=k3B4OKiU6GTq18wk5EDCoEz9kQ9Uqweq6SKYwXf3aSM=; b=nCM5q2A1vKn9GMqCXi1iMygUHDHWPxVUnDiNd3okWeZecCeXwxdRfgUUzmCpm2316NzOz7 yZPp1FRFBR8VvRDoLLGZm/KYKi6KdIoYSEB5U+Qfps9wJ7rtuN8re6lCCPJbL8L9LogKnX 4VFfH3ut+xHQc8XT8tvQgDFlZVRRbnCRicH22s9xVvCnsRA/YgjRL8Uodsst1NN4iXKSrU oROq1V5SyLzatOR0kMrOczaWgPpafGCyR8MBGeAjLTHUEMGbbYtAuBiZhMRl4qgeriEjDL Qu5P0BUMbHSnmDaXQFPB9l44Q8FgCpA44gDH1Rx1XSiuIB/35zl4pRw/YL/VmA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1765485194; a=rsa-sha256; cv=none; b=m5arw8OmesS7L3/xwuE3sZ74Y+9cLAj7UQK4H1YRj+VwtgOIWNAVI6GwDJx6yd4HeBg0ON 6iONvcsXl4oyj/VirqXmdjWnOoHUeDhnZ/q8T5amGYIB1wBNnTS3DjVPyii0U+YaSsKsMI ZjA+boCXMgePsClohpyPskAXizdlZORkUvGiIP5N0nuK6ePBLeV5V9Jz35Fz+PfzQWN00E WksO0loFIWYg0A0Dz+RnQ5NJHtkNYFs4raXHFDNtcWEuEQgEuBwOk2kiEC+V+Cl182l30s AH8LbyH7aCvwOQS12pzgOWiz958IYK+t1weCOnkxuzkaXxgJ0m+CpdzqU9HqzA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4dS46L1jyLznCS for ; Thu, 11 Dec 2025 20:33:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 5BBKXDQh041665 for ; Thu, 11 Dec 2025 20:33:13 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 5BBKXDtp041664 for bugs@FreeBSD.org; Thu, 11 Dec 2025 20:33:13 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 291562] freebsd-update: 14.3-15.0 ipfw incompatibility disaster for remote system with no console access Date: Thu, 11 Dec 2025 20:33:14 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: misc X-Bugzilla-Version: 15.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: barneywolff@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D291562 --- Comment #3 from Barney Wolff --- Certainly belongs in relnotes, but since this issue has the potential to essentially brick systems unless or until console access can be arranged, something more prominent seems to me to be appropriate. I can understand and agree with the fbsd approach that requires user interaction to complete a major upgrade. But as a macOS user also I greatly appreciate the ability to just click ok and walk away, and come back to an upgraded system. Is there some scenario where an admin would want/need to do anything after = the first reboot, before running freebsd-update install again to install the wo= rld and then reboot once more? As a safety net, that first boot could be done a= s a boot-once, with automatic fallback to the previous kernel if for some reason the new kernel fails to boot successfully. There will always be some failure mode where that doesn't work, but that might decrease the incidence of disaster. Oh, and just to state the obvious, turning on default-to-accept in sysctl.c= onf, even temporarily, is not acceptable on an Internet-connected system that's = not behind a firewall. I'm not up to speed on pkgbase. Does that solve this issue? --=20 You are receiving this mail because: You are the assignee for the bug.=