|
Firewall-1 has several loading stages. After the kernel module is loaded, at run level 2,
the S00fwbootd script is executed, which among other things pushes the firewall
over the interfaces that it recognized as firewall-able based on the /etc/fw.boot/ifdev
list. At run level 2 init also executes two relatively simple scripts, S69-cppreinet
and S69zcppostinet, that make sure S69inet does not turn on IP forwarding. At run
level 3 the S95firewall1 executes, which simply runs $FWDIR/bin/fwstart. You
might want to look at some of the customization you have done and make sure
your firewall loads appropriately at the various stages. If you are
using StoneBeat you might want to look at the StoneBeat startup scripts and
make sure it brings up your interfaces correctly.

Also, there is a Release notes doc that explains what the service pack does. Please read it
carefully to get acquainted with the information in it. If you are
really curious about what exactly it does you can go through the pre- and post-
install scripts and the pkgmap(s). It shouldn't take you more than a few
minutes.

George

-----Original Message-----

I've solved
(ok.. worked around...) this and as the support for checkpoint is that crap I'd
like to share the info with interested people.

No, the etc/fwboot/ifdev file was 100% ok.

I used one of these hardening scripts, in my case yassp, before installing fw-1. After this
there's no trouble with the original installation of fw-1, but SP4 fails.
It gives no error message or any kind of helpful information. FW-1 simply does
not start. I did not take sufficient time to investigate exactly how but it's
at least in the pre- and/or postpatch script. For example I found out
that the correct startup files were not copied to /etc/rc2.d and the
installation did not process all of the postpatch script - it left some
temporary files in /etc/init.d.

Solution: Don't use any hardening scripts on fw-1 boxes, do it by hand.

Alternative solution: Install another firewall-product. One that comes with install and support
documentation/help for service packs.

BR /J

-----Original Message-----

You said that you verified the
/etc/fw.boot/ifdev file, but does it really contain everything that was in it
before the service pack install? Any additions that were done after installing
the firewall software, such as new interfaces for StoneBeat FullCluster or
other products, tend to get wiped out when patches are installed. A default
FireWall-1 file is put in place.

I'm the one that actually sent the
/etc/fw.boot/ifdev file info to the phoneboy site, but for some reason he
didn't seem to include the reason to check for this file and what to actually
look for.

Good luck to ya

Ron

"Johan Henell (TIM)" wrote:

After
applying SP4 (I redid it after failing because of too large directory name - if
that has anything to do with it) fw1 (v4.1 on solaris sparc 2.7) fails to
install the security policy.

The message is: .... .... Installing security policy on xxx *

I tried uninstalling the service pack, but no change.

What to do except reinstalling (if I lose the policy it doesn't matter, I can always redo
it)

BR /J
|
- [FW1] "bad file number" after installing sp4 Johan Henell (TIM)
- RE: [FW1] "bad file number" after instal... Johan Henell (TIM)
- Juppunov, George
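
The checks discussed in this thread (startup scripts present at each boot stage, and /etc/fw.boot/ifdev not reset to the default by the service pack), as an added example that is not part of the original messages and not Check Point tooling. It assumes the standard Solaris /etc/rc2.d and /etc/rc3.d locations, a line-oriented ifdev file, and a copy of ifdev saved before patching; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: post-service-pack sanity check for the FireWall-1 boot stages.
# Script names are as written in the thread; adjust them to your installation.
# The rc2.d/rc3.d locations assume the standard Solaris run-level layout.

RC2_SCRIPTS="S00fwbootd S69-cppreinet S69zcppostinet"   # run level 2
RC3_SCRIPTS="S95firewall1"                              # run level 3

# fw1_boot_check ROOT SAVED_IFDEV
#   ROOT        filesystem root to inspect ("/" on a live box, a copy for testing)
#   SAVED_IFDEV copy of /etc/fw.boot/ifdev taken before the service pack
# Prints one line per finding and returns the number of findings (0 = clean).
fw1_boot_check() {
    root=$1 saved=$2 bad=0

    for s in $RC2_SCRIPTS; do
        [ -f "$root/etc/rc2.d/$s" ] || { echo "MISSING rc2.d/$s"; bad=$((bad + 1)); }
    done
    for s in $RC3_SCRIPTS; do
        [ -f "$root/etc/rc3.d/$s" ] || { echo "MISSING rc3.d/$s"; bad=$((bad + 1)); }
    done

    ifdev="$root/etc/fw.boot/ifdev"
    if [ ! -f "$ifdev" ]; then
        echo "MISSING etc/fw.boot/ifdev"; bad=$((bad + 1))
    else
        # Report entries that existed before the patch but are gone now,
        # e.g. interfaces added for clustering and lost to the default file.
        # Assumption: one entry per line; exact-match comparison.
        while IFS= read -r line; do
            [ -n "$line" ] || continue
            grep -Fxq -- "$line" "$ifdev" ||
                { echo "DROPPED ifdev entry: $line"; bad=$((bad + 1)); }
        done < "$saved"
    fi

    return "$bad"
}

# Usage (paths are placeholders): fw1_boot_check / /var/tmp/ifdev.before-sp
```

Take the saved copy of ifdev before applying the service pack, then run the check after the patch and before rebooting.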
