thanks for pointing out -- it turns out that by mistake i have changed the
handling of blank lines in ipfw configs. I will restore the
old behaviour ASAP (it's a trivial 1-2 line change).
cheers
luigi
On Sun, Jul 13, 2003 at 01:31:07PM +0100, Matt wrote:
>
> Matt said:
> > I normally sync to current once a week and have just done it today:
> >
> > FreeBSD tao.xtaz.co.uk 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Sun Jul 13
> > 12:24:40 BST 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/TAO
> > i386
> >
> > The problem is though that it looks like IPFW or RC has changed how it
> > works. I'm not sure if this is intentional or not though. If it is
> > intentional then I think it is a violation of POLA.
> >
> > The problem I have is this. In rc.conf I have the following:
> >
> > firewall_enable="YES"
> > firewall_script="/etc/rc.firewall"
> > firewall_type="/etc/ipfw.conf"
> >
> > And in /etc/ipfw.conf I have sets of rules one line at a time like:
> >
> > add 00010 divert natd all from any to any via xl0
> > add 00120 allow tcp from any to any 80 via xl0
> >
> > etc.
> >
> > This has always worked for me ever since I first started using ipfw on
> > fbsd 4.1 and has always worked on current until today's cvsup. Now though
> > no rules get loaded.
> >
> > If I try what I have always done in the past which is ipfw -q flush &&
> > ipfw /etc/ipfw.conf then it tells me:
> >
> > usage: ipfw [options]
> > do "ipfw -h" or see ipfw manpage for details
> >
> > Whereas before this week this worked perfectly. The /etc/rc.firewall still
> > says that you can set a filename for the firewall_type so I assume this
> > should still work as in fact just broken rather than a POLA.
> >
> > I definatly mergemaster'd everything that had changed properly. In fact I
> > have even just run it again in case I missed something and everything is
> > up to date.
> >
> > Any comments?
> >
> > Regards, Matt.
> >
> > --
> > email: [EMAIL PROTECTED] - web: http://xtaz.co.uk/
> > Hardware, n.: The parts of a computer system that can be kicked.
>
> I have noticed that there have been a large number of ipfw commits this
> week in the cvs logs and so I believe this could be related. I am
> therefore emailing this direct to luigi as hopefully he can help :)
>
> --
> email: [EMAIL PROTECTED] - web: http://xtaz.co.uk/
> Hardware, n.: The parts of a computer system that can be kicked.
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
