Significant missing item in 11.0 release notes
Ian Smith
smithi at nimnet.asn.au
Mon Aug 1 09:28:39 UTC 2016
On Sun, 31 Jul 2016 12:28:06 -0700, Kevin Oberman wrote:
> This morning I updated my min user system from 10.3-Stable to 11.0-BETA3.
> In general, things went well, but I had two issues that prevented the
> network from operating. the first is a lack of documentation in the Release
> Notes and the second is a driver issue. Since they are in no way related,
> I'll send the report of the driver issue later.
>
> I use ipfw(8) tables in my firewall configuration. Unfortunately, 11.0 has
> introduced a totally re-worked tables structure. The new structure is
> awesome and I read about it at the time the changes were being planned and
> implemented, but had forgotten. As a result the very first line in my
> configuration, "table 1 flush" was no longer valid and the remainder of the
> file was ignored.
>
> I assumed that I had missed this in the release notes, but I can find no
> reference to this significant change that simultaneously greatly enhanced
> ipfw table functionality, but also broke my configuration. While the fix
> was trivial, if the Release Notes had addressed this, I would not have had
> the problem in the first place.
I don't see this as a Release Notes issue - though I guess it will be if
it cannot be quickly fixed before 11.0-RELEASE - but as a very serious
and - as far as I know - unreported regression in ipfw(8).
In 18 years I cannot recall any addition of features, or additional
options for existing features, that caused any breakage of existing
rulesets. What on earth could be invalid about "table 1 flush"?
cc'ing ipfw@, which is most likely where this should be discussed ..
cheers, Ian
More information about the freebsd-stable
mailing list