Hello everybody,

I upgraded to yesterday's -CURRENT and have made a few observations:

1) The natd does not work. This is known, but I have tracked it to its interaction with libalias, which means that any program that uses libalias functions is also affected (and indeed, ppp(8)'s -nat option does not work either). If I downgrade the file src/sys/netinet/ip_fw.h to the version from June 27, and recompile libalias and natd, things will work.

2) and much more alarmingly: Although the new ipfw really seems to process the ruleset faster, some rules appear to do nothing! I have a "default-to-deny" setup, so theoretically this should mean that I should be cut off from the net if the allow rules do not work. And indeed, flushing all rules gives the expected behaviour. But as soon as I load the ruleset file (which is the same as previously and then it worked as expected) the fw becomes wide-open, the only rules that appear to work are the divert for natd, and the allow rules. But the deny rules do nothing, it seems that even the "catch-all" implicit deny rule at the bottom does nothing. Am I going insane, or is this real?

Also, I have observed that when loading the rules from the ruleset file, ipfw prints two lines for each, one with the expected rule number and one with all zeros. I don't know if it's significant though. It is like this:

    00000 deny log ip from any to any
    03600 deny log ip from any to any

This did not happen previously...

--
Regards:

Szilveszter ADAM
Szombathely Hungary