ipfilter is blocking connections because of not known change after 6th August
Tomaž Borštnar
tomaz.borstnar at over.net
Sat Aug 21 11:30:52 PDT 2004
Here is diff of my config file compared to GENERIC:
*** GENERIC Fri Aug 6 21:49:14 2004
--- AMNESIA Sun Jul 18 18:11:01 2004
***************
*** 1,17 ****
#
# GENERIC -- Generic kernel configuration file for DragonFly/i386
#
! # Check the LINT configuration file in sys/i386/conf, for an
! # exhaustive list of options.
#
! # $DragonFly: src/sys/i386/conf/GENERIC,v 1.18 2004/08/03 07:16:14
joerg Exp $
machine i386
! cpu I386_CPU
! cpu I486_CPU
! cpu I586_CPU
cpu I686_CPU
! ident GENERIC
maxusers 0
makeoptions DEBUG=-g #Build kernel with gdb(1) debug
symbols
--- 1,24 ----
#
# GENERIC -- Generic kernel configuration file for DragonFly/i386
#
! # For more information on this file, please read the FreeBSD handbook
section
! # on Kernel Configuration Files:
#
! #
http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-co
nfig.html
! #
! # An exhaustive list of options and more detailed explanations of the
! # device lines is also present in the ./LINT configuration file. If
you are
! # in doubt as to the purpose or necessity of a line, check first in LINT.
! #
! # $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.54 2003/04/28 03:41:46
simokaw
a Exp $
! # $DragonFly: src/sys/i386/conf/GENERIC,v 1.12 2004/04/16 20:13:17
drhodus Exp
$
machine i386
! #cpu I386_CPU
! #cpu I486_CPU
! #cpu I586_CPU
cpu I686_CPU
! ident AMNESIA
maxusers 0
makeoptions DEBUG=-g #Build kernel with gdb(1) debug
symbols
***************
*** 54,63 ****
#options APIC_IO # Symmetric (APIC) I/O
# Debugging for Development
! options DDB
! options DDB_TRACE
! options INVARIANTS
! options INVARIANT_SUPPORT
--- 61,70 ----
#options APIC_IO # Symmetric (APIC) I/O
# Debugging for Development
! options DDB
! options DDB_UNATTENDED
! options INVARIANTS
! options INVARIANT_SUPPORT
***************
*** 194,203 ****
device fxp # Intel EtherExpress PRO/100B
(82557, 82
558)
device pcn # AMD Am79C97x PCI 10/100 NICs
device rl # RealTek 8129/8139
- device re # RealTek 8139C+/8169
device sf # Adaptec AIC-6915 (``Starfire'')
device sis # Silicon Integrated Systems
SiS 900/SiS
7016
- device sk # SysKonnect GEnesis
device ste # Sundance ST201 (D-Link DFE-550TX)
device tl # Texas Instruments ThunderLAN
device tx # SMC EtherPower II (83c170
``EPIC'')
--- 201,208 ----
***************
*** 247,252 ****
--- 252,258 ----
# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device bpf #Berkeley packet filter
+ #options PFIL_HOOKS #Packetfilter hooks
# USB support
device uhci # UHCI PCI->USB interface
***************
*** 269,271 ****
--- 275,312 ----
device firewire # FireWire bus code
device sbp # SCSI over FireWire (Requires
scbus and
da)
device fwe # Ethernet over FireWire
(non-standard!)
+
+
+ options INCLUDE_CONFIG_FILE # Include this file in kernel
+ #
+ options IPSEC #IP security
+ options IPSEC_ESP #IP security (crypto; define
w/ IPSEC)
+ options IPSEC_DEBUG #debug for IP security
+ #
+ options IPFILTER #ipfilter support
+ options IPFILTER_LOG #ipfilter logging
+ #
+ options MROUTING # Multicast routing
+ options IPFIREWALL #firewall
+ options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
+ options IPFIREWALL_FORWARD #enable transparent proxy support
+ options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
+ options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by
default
+ options IPDIVERT #divert sockets
+ #
+ # RANDOM_IP_ID causes the ID field in IP packets to be randomized
+ # instead of incremented by 1 with each packet generated. This
+ # option closes a minor information leak which allows remote
+ # observers to determine the rate of packet generation on the
+ # machine by watching the counter.
+ options RANDOM_IP_ID
+ #
+ # DUMMYNET enables the "dummynet" bandwidth limiter. You need
+ # IPFIREWALL as well. See the dummynet(4) manpage for more info.
+ # BRIDGE enables bridging between ethernet cards -- see bridge(4).
+ # You can use IPFIREWALL and dummynet together with bridging.
+ options DUMMYNET
+ options BRIDGE
+ #
+ pseudo-device gre #IP over IP tunneling
----------------------------
More information about the Bugs
mailing list