Re: IPFW and/or rc rule parsing not working since today's cvsup

2003-07-14 Thread Luigi Rizzo
just committed a fix

cheers
luigi

On Sun, Jul 13, 2003 at 01:31:07PM +0100, Matt wrote:
 
 Matt said:
  I normally sync to current once a week and have just done it today:
 
  FreeBSD tao.xtaz.co.uk 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Sun Jul 13
  12:24:40 BST 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/TAO
  i386
 
  The problem is though that it looks like IPFW or RC has changed how it
  works. I'm not sure if this is intentional or not though. If it is
  intentional then I think it is a violation of POLA.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to [EMAIL PROTECTED]


IPFW and/or rc rule parsing not working since today's cvsup

2003-07-13 Thread Matt
I normally sync to current once a week and have just done it today:

FreeBSD tao.xtaz.co.uk 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Sun Jul 13
12:24:40 BST 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/TAO 
i386

The problem is though that it looks like IPFW or RC has changed how it
works. I'm not sure if this is intentional or not though. If it is
intentional then I think it is a violation of POLA.

The problem I have is this. In rc.conf I have the following:

firewall_enable=YES
firewall_script=/etc/rc.firewall
firewall_type=/etc/ipfw.conf

And in /etc/ipfw.conf I have sets of rules one line at a time like:

add 00010 divert natd all from any to any via xl0
add 00120 allow tcp from any to any 80 via xl0

etc.

This has always worked for me ever since I first started using ipfw on
fbsd 4.1 and has always worked on current until today's cvsup. Now though
no rules get loaded.

If I try what I have always done in the past which is ipfw -q flush 
ipfw /etc/ipfw.conf then it tells me:

usage: ipfw [options]
do ipfw -h or see ipfw manpage for details

Whereas before this week this worked perfectly. The /etc/rc.firewall still
says that you can set a filename for the firewall_type so I assume this
should still work as in fact just broken rather than a POLA.

I definitely mergemaster'd everything that had changed properly. In fact I
have even just run it again in case I missed something and everything is
up to date.

Any comments?

Regards, Matt.

-- 
email: [EMAIL PROTECTED] - web: http://xtaz.co.uk/
Hardware, n.: The parts of a computer system that can be kicked.


Re: IPFW and/or rc rule parsing not working since today's cvsup

2003-07-13 Thread Matt

Matt said:
 I normally sync to current once a week and have just done it today:

 FreeBSD tao.xtaz.co.uk 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Sun Jul 13
 12:24:40 BST 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/TAO
 i386

 The problem is though that it looks like IPFW or RC has changed how it
 works. I'm not sure if this is intentional or not though. If it is
 intentional then I think it is a violation of POLA.

 The problem I have is this. In rc.conf I have the following:

 firewall_enable=YES
 firewall_script=/etc/rc.firewall
 firewall_type=/etc/ipfw.conf

 And in /etc/ipfw.conf I have sets of rules one line at a time like:

 add 00010 divert natd all from any to any via xl0
 add 00120 allow tcp from any to any 80 via xl0

 etc.

 This has always worked for me ever since I first started using ipfw on
 fbsd 4.1 and has always worked on current until today's cvsup. Now though
 no rules get loaded.

 If I try what I have always done in the past which is ipfw -q flush 
 ipfw /etc/ipfw.conf then it tells me:

 usage: ipfw [options]
 do ipfw -h or see ipfw manpage for details

 Whereas before this week this worked perfectly. The /etc/rc.firewall still
 says that you can set a filename for the firewall_type so I assume this
 should still work as in fact just broken rather than a POLA.

 I definitely mergemaster'd everything that had changed properly. In fact I
 have even just run it again in case I missed something and everything is
 up to date.

 Any comments?

 Regards, Matt.

 --
 email: [EMAIL PROTECTED] - web: http://xtaz.co.uk/
 Hardware, n.: The parts of a computer system that can be kicked.

I have noticed that there have been a large number of ipfw commits this
week in the cvs logs and so I believe this could be related. I am
therefore emailing this direct to luigi as hopefully he can help :)

-- 
email: [EMAIL PROTECTED] - web: http://xtaz.co.uk/
Hardware, n.: The parts of a computer system that can be kicked.


Re: IPFW and/or rc rule parsing not working since today's cvsup

2003-07-13 Thread MATOBA Hirozumi
 On Sun, 13 Jul 2003 13:17:36 +0100 (BST), Matt wrote:
| The problem I have is this. In rc.conf I have the following:
| 
| firewall_enable=YES
| firewall_script=/etc/rc.firewall
| firewall_type=/etc/ipfw.conf
| 
| And in /etc/ipfw.conf I have sets of rules one line at a time like:
| 
| add 00010 divert natd all from any to any via xl0
| add 00120 allow tcp from any to any 80 via xl0
| 
| etc.
| 
| This has always worked for me ever since I first started using ipfw on
| fbsd 4.1 and has always worked on current until today's cvsup. Now though
| no rules get loaded.
| 
| If I try what I have always done in the past which is ipfw -q flush 
| ipfw /etc/ipfw.conf then it tells me:
| 
| usage: ipfw [options]
| do ipfw -h or see ipfw manpage for details

If your /etc/ipfw.conf has blank line(s),
then you may have met the same situation as me.

The mail that I posted to [EMAIL PROTECTED] is:
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=65503+0+archive/2003/freebsd-ipfw/20030713.freebsd-ipfw

There are 3 cases for calling show_usage() in ipfw2.c.
My case is caught by if (l == 0) in ipfw_main().
The other cases are caught by if (ac == 0)
and by while ((ch = getopt(ac, av, "acdefhnNqs:STtv")) != -1)
switch (ch) {
  ...
  default:.

-- 
[EMAIL PROTECTED]
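
The blank-line case described in the message above, modelled as an added example (not code from ipfw2.c or from anyone in this thread). load_rules() and its blank_is_usage_error flag are hypothetical names, and the sample input is constructed from the two rules quoted in the thread.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Nonzero if the first n bytes of s hold nothing but whitespace. */
static int is_blank(const char *s, size_t n)
{
    while (n > 0 && isspace((unsigned char)*s)) {
        s++;
        n--;
    }
    return n == 0;
}

/*
 * Walk a rule file held in memory, one command per line.
 * blank_is_usage_error != 0 models the behaviour reported in the thread:
 * an empty line is treated as an empty command and aborts the load.
 * Returns the number of rule lines accepted, or -(line number) of the
 * blank line that aborted the load. Hypothetical helper, not ipfw2.c code.
 */
int load_rules(const char *text, int blank_is_usage_error)
{
    int lineno = 0, accepted = 0;

    while (*text != '\0') {
        size_t n = strcspn(text, "\n");

        lineno++;
        if (!is_blank(text, n))
            accepted++;          /* a real loader parses the rule here */
        else if (blank_is_usage_error)
            return -lineno;      /* load stops, later rules never apply */
        text += n;
        if (*text == '\n')
            text++;
    }
    return accepted;
}

/* Constructed sample: the two rules from the post with a blank line between. */
static const char SAMPLE[] =
    "add 00010 divert natd all from any to any via xl0\n"
    "\n"
    "add 00120 allow tcp from any to any 80 via xl0\n";

int main(void)
{
    printf("strict=%d tolerant=%d\n", load_rules(SAMPLE, 1), load_rules(SAMPLE, 0));
    return 0;
}
```

A load that aborts part-way leaves the host with whatever rules were already in place plus the kernel's default rule, so comparing the output of ipfw list against the rule file after a reload catches this kind of failure.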


Re: IPFW and/or rc rule parsing not working since today's cvsup

2003-07-13 Thread Luigi Rizzo
thanks for pointing out -- it turns out that by mistake i have changed the
handling of blank lines in ipfw configs. I will restore the
old behaviour ASAP (it's a trivial 1-2 line change).

cheers
luigi

On Sun, Jul 13, 2003 at 01:31:07PM +0100, Matt wrote:
 
 Matt said:
  I normally sync to current once a week and have just done it today:
 
  FreeBSD tao.xtaz.co.uk 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Sun Jul 13
  12:24:40 BST 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/TAO
  i386
 
  The problem is though that it looks like IPFW or RC has changed how it
  works. I'm not sure if this is intentional or not though. If it is
  intentional then I think it is a violation of POLA.
 
  The problem I have is this. In rc.conf I have the following:
 
  firewall_enable=YES
  firewall_script=/etc/rc.firewall
  firewall_type=/etc/ipfw.conf
 
  And in /etc/ipfw.conf I have sets of rules one line at a time like:
 
  add 00010 divert natd all from any to any via xl0
  add 00120 allow tcp from any to any 80 via xl0
 
  etc.
 
  This has always worked for me ever since I first started using ipfw on
  fbsd 4.1 and has always worked on current until today's cvsup. Now though
  no rules get loaded.
 
  If I try what I have always done in the past which is ipfw -q flush 
  ipfw /etc/ipfw.conf then it tells me:
 
  usage: ipfw [options]
  do ipfw -h or see ipfw manpage for details
 
  Whereas before this week this worked perfectly. The /etc/rc.firewall still
  says that you can set a filename for the firewall_type so I assume this
  should still work as in fact just broken rather than a POLA.
 
  I definitely mergemaster'd everything that had changed properly. In fact I
  have even just run it again in case I missed something and everything is
  up to date.
 
  Any comments?
 
  Regards, Matt.
 
  --
  email: [EMAIL PROTECTED] - web: http://xtaz.co.uk/
  Hardware, n.: The parts of a computer system that can be kicked.
 
 I have noticed that there have been a large number of ipfw commits this
 week in the cvs logs and so I believe this could be related. I am
 therefore emailing this direct to luigi as hopefully he can help :)
 
 -- 
 email: [EMAIL PROTECTED] - web: http://xtaz.co.uk/
 Hardware, n.: The parts of a computer system that can be kicked.