Date: 22-09-01 14:28
I did almost the same thing the other day. I also built world and kernel (through make buildkernel KERNCONF=XYZ) and then installed over NFS on my firewall box. Same problem, although I never use the kernel option default block for ipfilter. I don't see any merit in doing so; after all, who would use a firewall with no rules?
I.M.H.O., as indicated in the article, the problem has something to do with kernel and world being out of sync. What saved the day was not changing an ipf kernel option but rather merely compiling a new kernel (the old-fashioned way: make config, make depend, etc.). I realised that when dmesg didn't work either. The moral: when upgrading world, compile and install a GENERIC kernel first. That one will work; custom kernels might not. Then, after installworld and mergemaster, install the custom kernel. Yes, I know, this is also the method recommended in the Handbook, but we all try to cut corners, don't we ;-)
Where exactly the difference lies, I don't know. I suspect the automated make depend step when using buildkernel. Any comments?
Before the upgrade I used a custom rc.ipfilter script to start ipf, ipnat and ipmon from. Here's a tip when using ipf with the rc.network script (unmodified): the ipmon_flags default to -Ds (D = run as daemon); setting it to -s only, like I did before, will keep your shell occupied when booting, making it look like the box hangs during boot. Also, by setting ipnat_flags to "> /dev/null" you can get rid of the ugly ipnat output during boot.