ipfilter is blocking connections because of not known change after 6th August

Tomaž Borštnar tomaz.borstnar at over.net
Sat Aug 21 11:30:52 PDT 2004


Here is a diff of my config file compared to GENERIC:

*** GENERIC     Fri Aug  6 21:49:14 2004
--- AMNESIA     Sun Jul 18 18:11:01 2004
***************
*** 1,17 ****
  #
  # GENERIC -- Generic kernel configuration file for DragonFly/i386
  #
! # Check the LINT configuration file in sys/i386/conf, for an
! # exhaustive list of options.
  #
! # $DragonFly: src/sys/i386/conf/GENERIC,v 1.18 2004/08/03 07:16:14 
joerg Exp $

  machine               i386
! cpu           I386_CPU
! cpu           I486_CPU
! cpu           I586_CPU
  cpu           I686_CPU
! ident         GENERIC
  maxusers      0
  makeoptions   DEBUG=-g                #Build kernel with gdb(1) debug 
symbols
--- 1,24 ----
  #
  # GENERIC -- Generic kernel configuration file for DragonFly/i386
  #
! # For more information on this file, please read the FreeBSD handbook 
section
! # on Kernel Configuration Files:
  #
! # 
http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-co
nfig.html
! #
! # An exhaustive list of options and more detailed explanations of the
! # device lines is also present in the ./LINT configuration file. If 
you are
! # in doubt as to the purpose or necessity of a line, check first in LINT.
! #
! # $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.54 2003/04/28 03:41:46 
simokaw
a Exp $
! # $DragonFly: src/sys/i386/conf/GENERIC,v 1.12 2004/04/16 20:13:17 
drhodus Exp
 $

  machine               i386
! #cpu          I386_CPU
! #cpu          I486_CPU
! #cpu          I586_CPU
  cpu           I686_CPU
! ident         AMNESIA
  maxusers      0
  makeoptions   DEBUG=-g                #Build kernel with gdb(1) debug 
symbols
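
Review bot: The AMNESIA side of this header still carries `$DragonFly: src/sys/i386/conf/GENERIC,v 1.12 2004/04/16` and a file date of Jul 18, while GENERIC is at 1.18 from 2004/08/03, so the custom config was derived from an older GENERIC and has not been resynchronised. Since the problem appeared with sources after 6th August, regenerate AMNESIA from the current GENERIC and re-apply the local options on top, so that any option added or renamed in between is picked up.
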
***************
*** 54,63 ****
  #options      APIC_IO                 # Symmetric (APIC) I/O

  # Debugging for Development
! options       DDB
! options       DDB_TRACE
! options       INVARIANTS
! options       INVARIANT_SUPPORT


--- 61,70 ----
  #options      APIC_IO                 # Symmetric (APIC) I/O
  # Debugging for Development
! options         DDB
! options               DDB_UNATTENDED
! options         INVARIANTS
! options         INVARIANT_SUPPORT


***************
*** 194,203 ****
  device                fxp             # Intel EtherExpress PRO/100B 
(82557, 82
558)
  device                pcn             # AMD Am79C97x PCI 10/100 NICs
  device                rl              # RealTek 8129/8139
- device                re              # RealTek 8139C+/8169
  device                sf              # Adaptec AIC-6915 (``Starfire'')
  device                sis             # Silicon Integrated Systems 
SiS 900/SiS
 7016
- device                sk              # SysKonnect GEnesis
  device                ste             # Sundance ST201 (D-Link DFE-550TX)
  device                tl              # Texas Instruments ThunderLAN
  device                tx              # SMC EtherPower II (83c170 
``EPIC'')
--- 201,208 ----
***************
*** 247,252 ****
--- 252,258 ----
  # The `bpf' pseudo-device enables the Berkeley Packet Filter.
  # Be aware of the administrative consequences of enabling this!
  pseudo-device bpf             #Berkeley packet filter
+ #options              PFIL_HOOKS      #Packetfilter hooks

  # USB support
  device                uhci            # UHCI PCI->USB interface
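
Review bot: `#options PFIL_HOOKS` is added commented out under the bpf block, while the last hunk enables `IPFILTER` and `IPFILTER_LOG`. Check LINT in the current tree for whether IPFILTER depends on PFIL_HOOKS; if it does, uncomment this line, and move it next to the IPFILTER options, since it is unrelated to `pseudo-device bpf`.
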
***************
*** 269,271 ****
--- 275,312 ----
  device                firewire        # FireWire bus code
  device                sbp             # SCSI over FireWire (Requires 
scbus and
 da)
  device                fwe             # Ethernet over FireWire 
(non-standard!)
+
+
+ options    INCLUDE_CONFIG_FILE     # Include this file in kernel
+ #
+ options         IPSEC                   #IP security
+ options         IPSEC_ESP               #IP security (crypto; define 
w/ IPSEC)
+ options         IPSEC_DEBUG             #debug for IP security
+ #
+ options         IPFILTER                #ipfilter support
+ options         IPFILTER_LOG            #ipfilter logging
+ #
+ options         MROUTING                # Multicast routing
+ options         IPFIREWALL              #firewall
+ options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
+ options         IPFIREWALL_FORWARD      #enable transparent proxy support
+ options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
+ options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by 
default
+ options         IPDIVERT                #divert sockets
+ #
+ # RANDOM_IP_ID causes the ID field in IP packets to be randomized
+ # instead of incremented by 1 with each packet generated.  This
+ # option closes a minor information leak which allows remote
+ # observers to determine the rate of packet generation on the
+ # machine by watching the counter.
+ options         RANDOM_IP_ID
+ #
+ # DUMMYNET enables the "dummynet" bandwidth limiter. You need
+ # IPFIREWALL as well. See the dummynet(4) manpage for more info.
+ # BRIDGE enables bridging between ethernet cards -- see bridge(4).
+ # You can use IPFIREWALL and dummynet together with bridging.
+ options         DUMMYNET
+ options         BRIDGE
+ #
+ pseudo-device   gre                     #IP over IP tunneling
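
Review bot: `IPFIREWALL_DEFAULT_TO_ACCEPT` in the added options block makes ipfw's default rule allow all traffic, and the same block also enables `IPFILTER`, so packets pass through two filters with only the ipfilter ruleset enforcing policy by default. If ipfw is not needed for `IPDIVERT` or `DUMMYNET`, drop the IPFIREWALL options; if it is, remove `IPFIREWALL_DEFAULT_TO_ACCEPT` and load an explicit ruleset, and check the counters of both filters when tracing a blocked connection. `IPSEC_DEBUG` is also worth removing outside of a debugging session.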


