Re: IPFIREWALL_DEFAULT_TO_ACCEPT becomes default to deny
From: Peter Jeremy (peterjeremy optushome.com.au)
Date: Mon Feb 09 2004 - 03:23:47 CST
On Mon, Feb 09, 2004 at 08:32:36AM +0100, Gogh, Ruben van wrote:
>Last Friday I upgraded to 4.8-RELEASE-p15. As usual I set IPFIREWALL to
>default accept in my kernel config file.
>config & make weren't complaining so, installed the kernel, reboot and there
>it was:
>IP packet filtering initialized, divert disabled, rule-based forwarding
>enabled, default to deny, logging disabled
>Output of ipfw show:
>65535 0 0 deny ip from any to any
This means IPFIREWALL_DEFAULT_TO_ACCEPT is not defined when
/sys/netinet/ip_fw.c is compiled.
Do you have "options INCLUDE_CONFIG_FILE"? If so, does
"options IPFIREWALL_DEFAULT_TO_ACCEPT" show up in your kernel?
Does /usr/obj/usr/src/sys/<<KERNELNAME>>/opt_ipfw.h or
/sys/compile/<<KERNELNAME>>/opt_ipfw.h include the lines:
#define IPFIREWALL 1
#define IPFIREWALL_DEFAULT_TO_ACCEPT 1
Does the kernelname in your dmesg.boot match your expected config?
Have you wiped /usr/obj[/usr/src/sys/<<KERNELNAME>>] or /sys/compile
and re-built the kernel?
Have you tried wiping /usr/src[/sys], re-extracting/cvsuping and re-building?
>THERE are no such thing as settings in rc.conf like firewall_type="closed"
>or whatsoever. When I boot up with the older kernel it uses default to
>accept...
What version is this kernel?
>I triple checked the config file for the right settings. And, as I did
>config && make depend && make install the system
>wasn't complaining about a thing.
I gather from this that you are using the "old" kernel build strategy.
You are aware that this is missing a step: Neither "make depend" nor
"make install" actually compiles the kernel. You need to do a "make"
in between.
Peter
_______________________________________________
freebsd-security freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe freebsd.org"
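
The opt_ipfw.h check from the reply above, as an added example that is not part of the original message: a POSIX sh script that reads the generated header in both build locations and reports which default policy ip_fw.c would be compiled with. The function names and the optional ROOT prefix are hypothetical, introduced here for illustration.

```sh
#!/bin/sh
# Added example: predict the compiled-in ipfw default policy from the
# generated opt_ipfw.h in each kernel build directory named in the thread.

# has_define FILE NAME: true if FILE has an active "#define NAME" line.
# The trailing-boundary match keeps IPFIREWALL from matching
# IPFIREWALL_DEFAULT_TO_ACCEPT.
has_define() {
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# policy_from_header FILE: print accept, deny, no-ipfw or missing.
policy_from_header() {
    if [ ! -r "$1" ]; then
        echo missing
    elif ! has_define "$1" IPFIREWALL; then
        echo no-ipfw
    elif has_define "$1" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        echo accept
    else
        echo deny
    fi
}

# check_kernel KERNELNAME [ROOT]: report both locations; succeed only if at
# least one header exists and every header found says accept, so a stale
# build directory is flagged. ROOT is a hypothetical prefix for testing
# against a scratch tree; omit it on a real system.
check_kernel() {
    kern=$1
    root=${2:-}
    found=0
    bad=0
    for dir in "$root/usr/obj/usr/src/sys/$kern" "$root/sys/compile/$kern"; do
        policy=$(policy_from_header "$dir/opt_ipfw.h")
        echo "$dir/opt_ipfw.h: $policy"
        case $policy in
            missing) ;;
            accept)  found=1 ;;
            *)       found=1; bad=1 ;;
        esac
    done
    [ "$found" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Usage: sh script.sh KERNELNAME
if [ "$#" -gt 0 ]; then
    check_kernel "$@"
fi
```

A "deny" result for a kernel whose config file does set the option points at a stale or wrong build directory, which is what the questions about wiping and rebuilding are probing for.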