4.8 ipfilter ruleset compatibility question

John Murphy jfm at blueyonder.co.uk
Mon Apr 7 05:23:16 PDT 2003

John Murphy <jfm at blueyonder.co.uk> wrote:

>I've upgraded from 4.4 to 4.8 release by re-installation and then copying:
>/etc/rc.conf and the usual others from the old drive to the new.  Including
>the old, previously working, ipf.rules and ipnat.rules.

Solved.  Previous to 4.5 rc.conf required:
ipfilter_program="/sbin/ipf -Fa -f"
ipnat_program="/sbin/ipnat -CF -f"

Whereas Post 4.5 only:

is required to start ipfilter and ipnat.

With 4.8 _and_ the flags all packets were passed regardless of the rules
and ipfstat showed no packets blocked.  Without the flags everything
seems to work as before.


