On Sat, Dec 14, 2002 at 02:09:13PM -0800, Matthew Dillon wrote:
> :
> :On Sat, Dec 14, 2002 at 12:38:13PM -0800, Matthew Dillon wrote:
> :>     then, as usual, IPFW with the new kernel and
> :>     old world fails utterly and now the fragging machine can't access the
> :
> :Hear hear!!  I am >< tempted to have /sbin/ipfw moved to src/sys.
>     How about something like this (patch enclosed).  If there are no
>     objections I will commit it along with a documentation update, and
>     maybe also add some RC code give the sysad a chance to ipfw unbreak if
>     ipfw otherwise fails during the boot sequence.

How this could be helpful in a remote upgrade scenario that has
IPFW ABI incompatibility issues?

One alternative approach would be to not compile IPFW into a
kernel but rather have it loaded as a module.  Then, you
install new kernel, edit out ipfw_enable="YES" for the time
being, reboot with the new kernel, installworld, edit
ipfw_enable="YES" back in, reboot, and you're done.

Ruslan Ermilov          Sysadmin and DBA,
[EMAIL PROTECTED]           Sunbay Software AG,
[EMAIL PROTECTED]          FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

Attachment: msg48845/pgp00000.pgp
Description: PGP signature

Reply via email to