2010/4/6 Erich Jenkins, Fuujin Group Ltd <er...@fuujingroup.com> > Pawel Tyll wrote: > >> Unfortunately FreeBSD 8.0-STABLE #0: Mon Apr 5 08:43:58 CEST 2010 >> still has problems. >> >> ipfw show: >> (...) >> 65534 44262253 27617819701 allow ip from any to any >> 00001 5335 405460 allow ip from me to any dst-port 123 >> 00000 0 0 ip from any to any >> >> Anything I can do to help? >> >
> Pawel: > > My skin crawled the moment I read this post. Could you provide a bit more > information about this issue? I manage a very large deployment of FreeBSD > boxes which are geographically dispersed, and we've started upgrading them > to the 8.0 release. My default policy is to deny everything but the services > running, so I generally end with a "deny all" statement, and the last thing > I want is to lock myself out and have to dispatch a technician... > > Is this problem localized to any particular architecture? (we have sparc64, > amd64 and i386 servers deployed). Is this just the stable branch that's > affected, or was this bug also in the ISO release? (I deploy via > NFS/FTP/bootp from internal servers hosting the ISO images). > > If you read the archives of this list, you'll find that this issue only applies to 8-STABLE after the 8.0 release. Thus, if you upgrade to 8.0-RELEASE, you will not run into this problem. Luigi is doing a bunch of cleanups, refactoring, and updates to the ipfw code in 8-STABLE/9-CURRENT. Things are a bit unstable right now, but getting better with each passing day. IOW, nothing to worry about unless you have plans to upgrade to 8-STABLE. :) -- Freddie Cash fjwc...@gmail.com _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"