Re: Significant missing item in 11.0 release notes
Thanks for the quick fix, Andrey! Now that this is taken care of, time to start playing with the cool new features... especially naming tables. Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkober...@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 On Mon, Aug 1, 2016 at 10:02 AM, Ian Smithwrote: > On Mon, 1 Aug 2016 18:47:37 +0300, Andrey V. Elsukov wrote: > > On 01.08.16 18:43, Ian Smith wrote: > > > Fast work Andrey, and sorry for rushing in. I ASSumed, after reading > > > the new tables section in 11.0-R ipfw(8), that Kevin had run into: > > > > > >Tables require explicit creation via create before use. > > > > > > but diving - not too deeply - into the log of /head/sbin/ipfw/tables.c > > > from your commit, I think that statement must be out of date, at least > > > regarding existing ruleset table configuration? Is that right? > > > > If you want to use some new specific feature you need to create table > > explicitly. But for old rules generic tables will be created > > automatically (with warning). > > Exactly how I was hoped it would work, thankyou .. > > cheers, Ian > ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Significant missing item in 11.0 release notes
On Mon, 1 Aug 2016 18:47:37 +0300, Andrey V. Elsukov wrote: > On 01.08.16 18:43, Ian Smith wrote: > > Fast work Andrey, and sorry for rushing in. I ASSumed, after reading > > the new tables section in 11.0-R ipfw(8), that Kevin had run into: > > > >Tables require explicit creation via create before use. > > > > but diving - not too deeply - into the log of /head/sbin/ipfw/tables.c > > from your commit, I think that statement must be out of date, at least > > regarding existing ruleset table configuration? Is that right? > > If you want to use some new specific feature you need to create table > explicitly. But for old rules generic tables will be created > automatically (with warning). Exactly how I was hoped it would work, thankyou .. cheers, Ian ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Significant missing item in 11.0 release notes
On 01.08.16 18:43, Ian Smith wrote: > Fast work Andrey, and sorry for rushing in. I ASSumed, after reading > the new tables section in 11.0-R ipfw(8), that Kevin had run into: > > Tables require explicit creation via create before use. > > but diving - not too deeply - into the log of /head/sbin/ipfw/tables.c > from your commit, I think that statement must be out of date, at least > regarding existing ruleset table configuration? Is that right? If you want to use some new specific feature you need to create table explicitly. But for old rules generic tables will be created automatically (with warning). -- WBR, Andrey V. Elsukov signature.asc Description: OpenPGP digital signature
Re: Significant missing item in 11.0 release notes
On Mon, 1 Aug 2016 16:39:45 +0300, Andrey V. Elsukov wrote: > On 31.07.16 22:28, Kevin Oberman wrote: > > I assumed that I had missed this in the release notes, but I can find no > > reference to this significant change that simultaneously greatly enhanced > > ipfw table functionality, but also broke my configuration. While the fix > > was trivial, if the Release Notes had addressed this, I would not have had > > the problem in the first place. > > I fixed this in r303615. Thanks for the report! Fast work Andrey, and sorry for rushing in. I ASSumed, after reading the new tables section in 11.0-R ipfw(8), that Kevin had run into: Tables require explicit creation via create before use. but diving - not too deeply - into the log of /head/sbin/ipfw/tables.c from your commit, I think that statement must be out of date, at least regarding existing ruleset table configuration? Is that right? cheers, Ian ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Significant missing item in 11.0 release notes
On 31.07.16 22:28, Kevin Oberman wrote: > I assumed that I had missed this in the release notes, but I can find no > reference to this significant change that simultaneously greatly enhanced > ipfw table functionality, but also broke my configuration. While the fix > was trivial, if the Release Notes had addressed this, I would not have had > the problem in the first place. I fixed this in r303615. Thanks for the report! -- WBR, Andrey V. Elsukov signature.asc Description: OpenPGP digital signature
Re: Significant missing item in 11.0 release notes
On Sun, 31 Jul 2016 12:28:06 -0700, Kevin Oberman wrote: > This morning I updated my min user system from 10.3-Stable to 11.0-BETA3. > In general, things went well, but I had two issues that prevented the > network from operating. the first is a lack of documentation in the Release > Notes and the second is a driver issue. Since they are in no way related, > I'll send the report of the driver issue later. > > I use ipfw(8) tables in my firewall configuration. Unfortunately, 11.0 has > introduced a totally re-worked tables structure. The new structure is > awesome and I read about it at the time the changes were being planned and > implemented, but had forgotten. As a result the very first line in my > configuration, "table 1 flush" was no longer valid and the remainder of the > file was ignored. > > I assumed that I had missed this in the release notes, but I can find no > reference to this significant change that simultaneously greatly enhanced > ipfw table functionality, but also broke my configuration. While the fix > was trivial, if the Release Notes had addressed this, I would not have had > the problem in the first place. I don't see this as a Release Notes issue - though I guess it will be if it cannot be quickly fixed before 11.0-RELEASE - but as a very serious and - as far as I know - unreported regression in ipfw(8). In 18 years I cannot recall any addition of features, or additional options for existing features, that caused any breakage of existing rulesets. What on earth could be invalid about "table 1 flush"? cc'ing ipfw@, which is most likely where this should be discussed .. cheers, Ian ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Significant missing item in 11.0 release notes
This morning I updated my min user system from 10.3-Stable to 11.0-BETA3. In general, things went well, but I had two issues that prevented the network from operating. the first is a lack of documentation in the Release Notes and the second is a driver issue. Since they are in no way related, I'll send the report of the driver issue later. I use ipfw(8) tables in my firewall configuration. Unfortunately, 11.0 has introduced a totally re-worked tables structure. The new structure is awesome and I read about it at the time the changes were being planned and implemented, but had forgotten. As a result the very first line in my configuration, "table 1 flush" was no longer valid and the remainder of the file was ignored. I assumed that I had missed this in the release notes, but I can find no reference to this significant change that simultaneously greatly enhanced ipfw table functionality, but also broke my configuration. While the fix was trivial, if the Release Notes had addressed this, I would not have had the problem in the first place. -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkober...@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"