RE : RE : IPFilter
Yes, SPI stands for Statefull Packet Inspection. Wasn't aware IPFW was a SPI Firewall, always thought IPFilter was much better. I used to run iptables on Linux and tried IPFilter (which is very good imho). IPFW pages aren't that explicit or I didn't looked at the right place. Any of you can point me some nice pages to learn more about it ? Regards -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] De la part de Daniel C. Sobral Envoyé : lundi 10 février 2003 13:46 À : Coercitas Temet'Nosce Cc : 'Don'; [EMAIL PROTECTED] Objet : Re: RE : IPFilter Coercitas Temet'Nosce wrote: Pardon my poor knowledge about IPFW 2 but if I remember well, IPFW wasn't a SPI Firewall, which is what I need. Btw, previous Kernel allows us to fine tune its building for IPF and now, it simply gone...was really wondering where those features are. What, exactly, is a 'SPI' firewall? If you mean stateful firewall, you haven't looking into ipfw for at least five years (making your remark obsolete, not ipfw :). The only thing I couldn't do with the old ipfw was atomic replacement of rules. With ipfw2 I can do that. ipfw2 is default on 5.0 and can be turned on on 4.7 (options IPFW2 on kernel and WITH_IPFW2, iirc, on make.conf). The '2' is the version, the binary, man pages etc still have all the same names. Is there any web place where I can find stuff about IPFW2 by chance ? regards -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] De la part de Don Envoyé : dimanche 9 février 2003 19:47 À : Coercitas Temet'Nosce Cc : [EMAIL PROTECTED] Objet : Re: TR : IPFilter Btw, I was looking for some docs on the FreeBSD website and didn't found anything interesting, only firewall that FreeBSD seems to support nowadays is the old IPFW, which is quite obsolete now imo. Why are documentation pages not dealing with IPF at all ? is there any reason ? Try ipfw2 -Don To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message -- Daniel C. Sobral (8-DCS) Gerencia de Operacoes Divisao de Comunicacao de Dados Coordenacao de Seguranca TCO Fones: 55-61-313-7654/Cel: 55-61-9618-0904 E-mail: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Outros: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] The past always looks better than it was. It's only pleasant because it isn't here. -- Finley Peter Dunne (Mr. Dooley) To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
RE : IPFilter
Yes, kinda :p Thanx for all your answers btw -Message d'origine- De : Simon L. Nielsen [mailto:[EMAIL PROTECTED]] Envoyé : lundi 10 février 2003 23:43 À : Coercitas Temet'Nosce Cc : [EMAIL PROTECTED] Objet : Re: IPFilter On 2003.02.10 23:37:36 +0100, Coercitas Temet'Nosce wrote: Yes, SPI stands for Statefull Packet Inspection. Wasn't aware IPFW was a SPI Firewall, always thought IPFilter was much better. I used to run iptables on Linux and tried IPFilter (which is very good imho). IPFW pages aren't that explicit or I didn't looked at the right place. From ipfw(8) : HISTORY The ipfw utility first appeared in FreeBSD 2.0. dummynet(4) was intro duced in FreeBSD 2.2.8. Stateful extensions were introduced in FreeBSD 4.0. ipfw2 was introduced in Summer 2002. Any of you can point me some nice pages to learn more about it ? The ipfw manpage has a lot of information... This is getting off-topic for current... -- Simon L. Nielsen To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
TR : IPFilter
Hello all, I was just wondering something regarding IPFilter and new FreeBSD 5.0 First, I was looking for IPF related functions in new Kernel building, didn't found them anywhere.maybe I did something wrong but not likely. Is it now a non kernel related application ? Btw, I was looking for some docs on the FreeBSD website and didn't found anything interesting, only firewall that FreeBSD seems to support nowadays is the old IPFW, which is quite obsolete now imo. Why are documentation pages not dealing with IPF at all ? is there any reason ? Thanx. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
RE : IPFilter
Pardon my poor knowledge about IPFW 2 but if I remember well, IPFW wasn't a SPI Firewall, which is what I need. Btw, previous Kernel allows us to fine tune its building for IPF and now, it simply gone...was really wondering where those features are. Is there any web place where I can find stuff about IPFW2 by chance ? regards -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] De la part de Don Envoyé : dimanche 9 février 2003 19:47 À : Coercitas Temet'Nosce Cc : [EMAIL PROTECTED] Objet : Re: TR : IPFilter Btw, I was looking for some docs on the FreeBSD website and didn't found anything interesting, only firewall that FreeBSD seems to support nowadays is the old IPFW, which is quite obsolete now imo. Why are documentation pages not dealing with IPF at all ? is there any reason ? Try ipfw2 -Don To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
IPFilter
Hi all, I was just wondering something regarding IPFilter and new FreeBSD 5.0 First, I was looking for IPF related functions in new Kernel building, didn't found them anywhere.maybe I did something wrong but not likely. Is it now a non kernel related application ? Btw, I was looking for some docs on the FreeBSD website and didn't found anything interesting, only firewall that FreeBSD seems to support nowadays is the old IPFW, which is quite obsolete now imo. Why are documentation pages not dealing with IPF at all ? is there any reason ? Thanx. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: No way to disable loading of agp.1 on boot?
Hi there, problem isn't REALLY agp related, it is just because the PCI bridge tries to use some resources the BIOS left off or that are not enabled correctly by the device driver. There is a tunable value you can set to 0 to avoid this, just hit spacebar when loader prompts it and type : hw.pci.enables_io_modes=0 It will normally prevent your system to hang while testing this driver. If this doesn't work (it SHOULD work btw) just try this : hw.pci_allow_unsupported_io_range=1 It allows the PCI bridge to pass through an unsupported memory range assigned by the BIOS. This tunable value set to OFF (0) by default. Let me know if it helped :o) regards - Original Message - From: David Spreen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, January 16, 2003 1:44 AM Subject: Bug: No way to disable loading of agp.1 on boot? Hey there, I just tried to install freebsd 5.0RC3 on my laptop but the mini-inst-iso kernel hangs before entering the install-screen. The last two lines shown are (boot -v): agp0: Intel 82443BX (440BX) host to PCI bridge mem 0-0x3ff at \ device 0.0 on pci0 agp0: allocating GATT for aperture of size 64M Anyway, I don't need agpsupport for an installation-process, so I tried to disable agp on boot-prompt. I looked for a hint-variable but there doesn't seem to exist one. anyway, lsmod shows agp.1 in the modules: section, so I thought about disable the loading of that module. Well, after an unload; disable-module agp (which worked, he said he wouldn't load it anymore); load kernel; an lsmod still shows agp.1. Is this a bug or can't I disable agp-support on installation cdroms? The machine doesn't detect agp-devices when booting with boot-floppies, so I think that should be possible with the cd too. I am fairly new to freebsd and I read the documentation about hints and also about the boot-prompt. Additionaly I asked google and dejagoogle for this issue and got no help. If I still left out a possibility I am sorry for making noise. so long... David To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Problem with RC3
Hello all, I'm trying to install the new RC3 release on a laptop Toshiba SP6000. Problem is that Boot kernel from install CD (mini) hangs whith this message : ... acpi0: TOSHIB 750 on motherboard ACPI-0625: *** Info: GPE Block0 defined as GPE0 to GPE63 Using $PIR table, 7 entries at 0xc00f01d0 acpi0: power button is handled as a fixed feature programming model. Timecounter ACPI-safe frequency 3579545 Hz can't fetch resources for \_SB_.PCI0.FNC0.PRT_ - AE_BAD_DATA acpi_timer0: 24-bit timer at 3.579545MHz port 0xee08-0xee0b on acpi0 acpi_cpu0: CPU on acpi0 pcib0: ACPI Host-PCI bridge port 0xcf8-0xcff on acpi0 pci0: ACPI PCI bus on pcib0 agp0: Ali Generic host to PCI bridge mem 0xf000-0xf3ff at device 0.0 o, pci0 and system hangs forever at this point. Not being really expert in boot, I don't know how to manage this. It was already the case with FreeBSD-RC2 but not with DP1, something happened inbetween. Sorry if this error has already been pointed, I am quite new to this mailing list and didn't read all previous mails (you bet...)**Thanx for any advice concerning this problem. Regards To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Problem with RC3
Some typo in first message, here is a complete message btw : FreeBSD 5.0-RC3 #0: Fri Jan 10 23:09:54 GMT 6003 root@cypress\M-:/usr/obj/usr/src/sys/GENERIC Preloaded elf kernel /boot/kernel/kernel at 0xc0aab000. Preloaded mfs_root /boot/mfsroot at 0xc0aab0a8. Preloaded elf mod\M-ule /boot/kernel/acpi.ko at 0xc0aab0ec\M-. Timecounter i8254 frequency 1193182 Hz Timecounter TSC frequency 995965111 Hz CPU: Pentium III/Pentium III Xeon/Celeron (995.97-mHz 686-class CPU) Origin = GenuineIntel Id = 0x6b1 Stepping = 1 Features=0x383f9ffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV, PAT,PSE36,MMX,FXSR,SSE real memory = 116785152 (111 MB) avail memory = 102088704 (97 MB) Initializing GEOMetry subsystem Pentium Pro MTRR support(enabled md0: Preloaded$image /boot/mfsroot 4423680 bytes at 0xc062675c npx0: math processor on motherboard npx0: INT 16 interface acpi0: TOSHIB 750 on motherboard ACPI-0625: *** Info: GPE0Block0 defined as GPE0 to GPE63 Using $PIR table, 7 entries at 0xc00f01d0 acpi0: power button is handled as a fixed feature programming model. Timecounter ACPI-safe frequency 3579545 Hz can't fetch resources for \\_SB_.PCI0.FNC0.PRT_ - AE_BAD_dATA acpi_timer0: 24-bit timer at 3.579545MHz port 0xee08-0xee0b on acpi0 acpi_cpu0: CPU on acpm0 acpi_tz0: thermal zone on acpi0 pcib0: ACPI Host-PCI bridge port 0xcf8-0xcff on acpi0 pci0: ACPI PCI bus on pcib0 agp0: Ali Generic host to PCI bridge mem 0xf000-0xf3ff at device 0.0 on pci0 regards - Original Message - From: Coercitas Temet'Nosce [EMAIL PROTECTED] To: FreeBSD current users [EMAIL PROTECTED] Sent: Tuesday, January 14, 2003 1:17 PM Subject: Problem with RC3 Hello all, I'm trying to install the new RC3 release on a laptop Toshiba SP6000. Problem is that Boot kernel from install CD (mini) hangs whith this message : ... acpi0: TOSHIB 750 on motherboard ACPI-0625: *** Info: GPE Block0 defined as GPE0 to GPE63 Using $PIR table, 7 entries at 0xc00f01d0 acpi0: power button is handled as a fixed feature programming model. Timecounter ACPI-safe frequency 3579545 Hz can't fetch resources for \_SB_.PCI0.FNC0.PRT_ - AE_BAD_DATA acpi_timer0: 24-bit timer at 3.579545MHz port 0xee08-0xee0b on acpi0 acpi_cpu0: CPU on acpi0 pcib0: ACPI Host-PCI bridge port 0xcf8-0xcff on acpi0 pci0: ACPI PCI bus on pcib0 agp0: Ali Generic host to PCI bridge mem 0xf000-0xf3ff at device 0.0 o, pci0 and system hangs forever at this point. Not being really expert in boot, I don't know how to manage this. It was already the case with FreeBSD-RC2 but not with DP1, something happened inbetween. Sorry if this error has already been pointed, I am quite new to this mailing list and didn't read all previous mails (you bet...)**Thanx for any advice concerning this problem. Regards To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Problem with RC3
Hello Again, Thanx all for your messages, I think I start to figure how it is handled. Problem still exists, system still hangs at agp0: Ali Generic host to PCI bridge mem 0xf000-0xf3ff at device 0.0 on pci0 but I think it is in this way I may find a solution. Is there by chance anyway to see what will be load or not simply hitting SPACEBAR at prompt ? I didn't find any place where it is discussed nor a way to see the set variables that will be used to boot. Thanx for your messages :o) - Original Message - From: Kevin Oberman [EMAIL PROTECTED] To: Francis Barnhart [EMAIL PROTECTED] Cc: Nate Lawson [EMAIL PROTECTED]; Coercitas Temet'Nosce [EMAIL PROTECTED]; FreeBSD current users [EMAIL PROTECTED] Sent: Tuesday, January 14, 2003 7:10 PM Subject: Re: Problem with RC3 Date: Tue, 14 Jan 2003 10:05:22 -0800 From: Francis Barnhart [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] I wonder if it might be even better to disable it by default. Nothing turns people off like an OS that doesn't install. It should CERTAINLY be turned off on the install CDs and floppies! It was VERY frustrating to boot the CD on my laptop and have it crash after a few minutes. Kinda hard to get a crash dump, either. APM was never on by default in the past. Why should we have ACPI on on the install disks? R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Problem with RC3
Ok, problem solved... Thanx for your notes, it helped a lot. For thse who may wonder, I simply changed 2 parameters : hw.pci.enable_io_modes Enable PCI resources which are left off by some BIOSes or are not enabled correctly by the device driver. Tunable value set to ON (1) by default, but this may cause problems with some peripherals. hw.pci_allow_unsupported_io_range Allow the PCI bridge to pass through an unsupported memory range assigned by the BIOS. Tunable value set to OFF (0) by default. can't say exactly which one prevented me from crash (surely 1st one but didn't tried any further). Dunno if it would be possible to prevent such things to happen by simply test it, I guess testing it will crash the whole system too. Thanx all btw, I learn, I learn :o) - Original Message - From: Steve Kargl [EMAIL PROTECTED] To: Coercitas Temet'Nosce [EMAIL PROTECTED] Cc: Francis Barnhart [EMAIL PROTECTED]; Kevin Oberman [EMAIL PROTECTED]; Nate Lawson [EMAIL PROTECTED]; FreeBSD current users [EMAIL PROTECTED] Sent: Tuesday, January 14, 2003 9:55 PM Subject: Re: Problem with RC3 On Tue, Jan 14, 2003 at 09:52:10PM +0100, Coercitas Temet'Nosce wrote: Thanx all for your messages, I think I start to figure how it is handled. Problem still exists, system still hangs at agp0: Ali Generic host to PCI bridge mem 0xf000-0xf3ff at device 0.0 on pci0 but I think it is in this way I may find a solution. Is there by chance anyway to see what will be load or not simply hitting SPACEBAR at prompt ? I didn't find any place where it is discussed nor a way to see the set variables that will be used to boot. lsdev and lsmod show the devices that can be loaded and the deviced currently loaded, respectively. -- Steve To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Docs ?
Hello all, Pardon this poor question but I was looking for up to date documentation about FreeBSD-current (5.0-RC3). Most important points to me are new kernell config and IPFilter implementation (didn't saw anything related in new files concerning kernell tuning and config). Can someone tell me where I can find at least informations relative to kernell build in last release ? Thanx Regards To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
