rwatson at freebsd.org
Wed Aug 11 14:56:01 PDT 2004
On Wed, 11 Aug 2004, Randy Bush wrote:
> ipfw seems to be starting in some strange state where it has loaded my
> ruleset but does not really process it. everything ends up in
> unreachable. if i run `ipfw -q /etc/ipfw.rules`, the same command set
> that's in /etc/rc.conf, it takes off as expected.
The recent addition of O_ANTISPOOF renumbered the IPFW rule operations, so
if you're using a newer kernel and an older user space, /sbin/ipfw will
think the rules mean one thing, but the kernel will think they mean
another. The miscreant has been convinced that this is a bad idea (always
append!) but since the damage was done we decided not to thrash the
operator numbers again.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Principal Research Scientist, McAfee Research
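
The renumbering described in this message, shown as an added example (not code from the original post or from FreeBSD). It uses a constructed four-opcode table rather than the real ipfw opcode list, and compares how a newer kernel decodes opcode numbers emitted by an older userland when the new opcode is inserted mid-enum versus appended.

```c
#include <stdio.h>
#include <string.h>

/* Constructed four-opcode table for illustration; NOT the real ipfw opcode list. */
enum old_op { OLD_NOP, OLD_IP_SRC, OLD_ACCEPT, OLD_DENY, OLD_LAST };
static const char *old_names[] = { "nop", "ip_src", "accept", "deny" };

/* New opcode inserted mid-enum: every later opcode shifts by one. */
enum ins_op { INS_NOP, INS_IP_SRC, INS_ANTISPOOF, INS_ACCEPT, INS_DENY, INS_LAST };
static const char *ins_names[] = { "nop", "ip_src", "antispoof", "accept", "deny" };

/* New opcode appended: existing numbers keep their meaning. */
enum app_op { APP_NOP, APP_IP_SRC, APP_ACCEPT, APP_DENY, APP_ANTISPOOF, APP_LAST };
static const char *app_names[] = { "nop", "ip_src", "accept", "deny", "antispoof" };

/* What a kernel built with each new table understands for opcode number op. */
const char *decode_inserted(int op) {
    return (op >= 0 && op < INS_LAST) ? ins_names[op] : "invalid";
}
const char *decode_appended(int op) {
    return (op >= 0 && op < APP_LAST) ? app_names[op] : "invalid";
}

/* Count opcodes emitted by the OLD userland that the new kernel misreads. */
int count_mismatches(const char *(*decode)(int)) {
    int n = 0;
    for (int op = 0; op < OLD_LAST; op++)
        if (strcmp(old_names[op], decode(op)) != 0)
            n++;
    return n;
}

int main(void) {
    printf("%-8s %-10s %-10s\n", "old", "inserted", "appended");
    for (int op = 0; op < OLD_LAST; op++)
        printf("%-8s %-10s %-10s\n", old_names[op],
               decode_inserted(op), decode_appended(op));
    printf("misread: inserted=%d appended=%d\n",
           count_mismatches(decode_inserted), count_mismatches(decode_appended));
    return 0;
}
```

In this toy table the inserted layout makes the old userland's "deny" arrive at the kernel as "accept", which is why a mismatched kernel and /sbin/ipfw can load a ruleset without error and still enforce something different from what was written.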