-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Cotrina Sent: Friday, 1 April 2005 1:52 AM To: [email protected] Subject: Re: IPFilter 4.1.8
For some reason, ip_rules.c are not generated after doing make freebsd5. It must be done manually with: make ip_rules.c After installed and upgraded the ipf that comes as part of FreeBSD 5.3 ( ipf 3.4.35 ) I noticed some troubles with pass rules with "flags S keep state" statements: packets that matched those rules went blocked. Those rules were working fine in 3.4.35. I had to redefine those pass rules, removing "flags S" statement, to allow packets get passed in ipf 4.1.8. Regards ----- Original Message ----- From: "Richard Cotrina" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Wednesday, March 30, 2005 3:39 PM Subject: Re: IPFilter 4.1.8 > In my case, after doing BSD/kupgrade, kernel rebuilding in FreeBSD 5.3 stops > at make depend stage with the following error : > > ======================================= > ===> ipfilter > @ -> /usr/src/sys > machine -> /usr/src/sys/sparc64/include > make: don't know how to make ip_rules.c. Stop > *** Error code 2 > > Stop in /usr/src/sys/modules. > *** Error code 1 > > Stop in /usr/src/sys/sparc64/compile/GENERIC > ======================================== > > Am I missing something ? > > > ----- Original Message ----- > From: "Darren Reed" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Wednesday, March 30, 2005 9:44 AM > Subject: IPFilter 4.1.8 > > > > For those with FreeBSD 5.3 systems, I've cleanly compiled IPFilter as > > part of the kernel build after doing a BSD/kupgrade. > > > > Hopefully nutting out the problems with timeout queues has brought an end > > to panics that mention those functions. > > > > The change to SIOCGNATL is to provide support for identd being able to > > determine which host it should relay the connection to, an upcoming > > change to NetBSD. > > > > Cheers, > > Darren > > http://coombs.anu.edu.au/~avalon/ip_fil4.1.8.tar.gz > > > > e7d92bc8a4e7878a4c60bb3aff84384f ip_fil4.1.8.tar.gz > > > > 4.1.8 - Released 29 March 2005 > > > > include path from Phil Dibowitz for sorting ipfstat -t output by source or > > destination port. > > > > fix a bug in printing rules where interface names could not be printed, > > even if they're in the rule structure. > > > > fix BSD/kupgrade to correctly change ipfilter lkm Makefile for FreeBSD > > > > add a new features to SIOCGNATL: > > - if IPN_IN is set, search for a matching MAP entry instead of RDR > > (Peter Potsma) > > > > turn off function inlining for freebsd 5.3+ > > > > UDP doesn't pullup enough data which can sometimes cause a panic. > > Fix other protocols, as required, where a similar problem may exist. > > > > overhaul the timeout queue management, especially that for user defined > queues > > which are now only freed in an orderly manner. > > > > 4.1.7 - Released 13 March 2005 > > > > Recently compiled 4.1.8 with statetop enabled using GCC-3.4.2 on Solaris 9. On use ipfstat -t displays the window but when pressing "q" to quit it is ending the open session. Any ideas? Thanks, Adam
