New Kernel Breaks IPFW
Terry Lambert
tlambert2 at mindspring.com
Tue Jun 10 23:25:41 PDT 2003
Ian Freislich wrote:
> Terry Lambert wrote:
> > > > Short term, cd /usr/src/sbin/ipfw; make depend && make all install ought
> > > > to fix it.
> > >
> > > I tried that as well, but the new binary also dumps core, but works
> > > well with previous versions of the firewall. Even back as far as
> > > my kernel.working from May 7 2003.
> >
> > Bogus header files; specifically, <netinet/ip_fw.h>. Because you
> > can't build world, you are compiling the ipfw program with the old
> > system include files instead of the new ones. You may also be
> > missing a cvs update on the ipfw sources themselves (specifically,
> > ipfw2.c).
>
> No, it did compile ipfw2.c (r1.24). I also installed all new
> includes before I compiled ipfw and re-worlding to no avail. I
> figured an old kernel with a working firewall was better than a new
> kernel with no firewall.
No. The problem is that you compiled ipfw2.c with the header
/usr/include/netinet/ip_fw.h, and not /usr/src/netinet/ip_fw.h.
The way you get the new header is to install it, and as you
noticed, that doesn't work.
Alternately, you can specify a CFLAGS=-I/usr/src, and it will
get the header that matches your kernel.
Since the buildworld is a simple fix (back out the changes to
the .mk file before trying to build), you should do that, instead.
-- Terry
More information about the freebsd-current
mailing list