OpenBSD Packet Filter seems to have broken between 9.0 and 9.1, as it did from 8.2 to 9.0. I built stable/9 and it was not fixed. Since I like to run Packet Filter, I ran these commands:
# cd /usr
# svn co svn://svn.freebsd.org/base/head src
Then I checked /usr/src/UPDATING and found this:
20120828:
A new ZFS feature flag "com.delphix:empty_bpobj" has been merged
to -HEAD. Pools that have empty_bpobj in active state can not be
imported read-write with ZFS implementations that do not support
this feature. For more information read the zpool-features(5)
manual page.
Unfortunately, I do not have a manual page for zpool-features.
Does this mean that I can not update from 9 to 10? This amd64 has zfs root.
Darrel <levi...@iglou.com> wrote:
> OpenBSD Packet Filter seems to have broken between 9.0 and 9.1, as it did > from 8.2 to 9.0. I built stable/9 and it was not fixed. Since I like to > run Packet Filter, I ran these commands:
> # cd /usr
> # svn co svn://svn.freebsd.org/base/head src
> Then I checked /usr/src/UPDATING and found this:
> 20120828:
> A new ZFS feature flag "com.delphix:empty_bpobj" has been merged
> to -HEAD. Pools that have empty_bpobj in active state can not be
> imported read-write with ZFS implementations that do not support
> this feature. For more information read the zpool-features(5)
> manual page.
> Unfortunately, I do not have a manual page for zpool-features.
It should be part of the checkout. Try:
man /usr/src/cddl/contrib/opensolaris/cmd/zpool/zpool-features.5
> Does this mean that I can not update from 9 to 10?
>> OpenBSD Packet Filter seems to have broken between 9.0 and 9.1, as it did
>> from 8.2 to 9.0. I built stable/9 and it was not fixed. Since I like to
>> run Packet Filter, I ran these commands:
>> # cd /usr
>> # svn co svn://svn.freebsd.org/base/head src
>> Then I checked /usr/src/UPDATING and found this:
>> 20120828:
>> A new ZFS feature flag "com.delphix:empty_bpobj" has been merged
>> to -HEAD. Pools that have empty_bpobj in active state can not be
>> imported read-write with ZFS implementations that do not support
>> this feature. For more information read the zpool-features(5)
>> manual page.
>> Unfortunately, I do not have a manual page for zpool-features.
> It should be part of the checkout. Try:
> man /usr/src/cddl/contrib/opensolaris/cmd/zpool/zpool-features.5
Dumb question: why isn't this manpage installed with the rest?
Thanks,
-Garrett
_______________________________________________
freebsd-curr...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
On Tue, 18 Sep 2012 12:07:01 -0700, Garrett Cooper wrote:
> On Tue, Sep 18, 2012 at 11:56 AM, Fabian Keil
> <freebsd-lis...@fabiankeil.de> wrote:
>> Darrel <levi...@iglou.com> wrote:
>>> OpenBSD Packet Filter seems to have broken between 9.0 and 9.1, as it did
>>> from 8.2 to 9.0. I built stable/9 and it was not fixed. Since I like to
>>> run Packet Filter, I ran these commands:
>>> # cd /usr
>>> # svn co svn://svn.freebsd.org/base/head src
>>> Then I checked /usr/src/UPDATING and found this:
>>> 20120828:
>>> A new ZFS feature flag "com.delphix:empty_bpobj" has been merged
>>> to -HEAD. Pools that have empty_bpobj in active state can not be
>>> imported read-write with ZFS implementations that do not support
>>> this feature. For more information read the zpool-features(5)
>>> manual page.
>>> Unfortunately, I do not have a manual page for zpool-features.
>> It should be part of the checkout. Try:
>> man /usr/src/cddl/contrib/opensolaris/cmd/zpool/zpool-features.5
> Dumb question: why isn't this manpage installed with the rest?
It is, but the OP only did a src checkout :-)
_______________________________________________
freebsd-curr...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
>> man /usr/src/cddl/contrib/opensolaris/cmd/zpool/zpool-features.5
> found it. :)
>>> Does this mean that I can not update from 9 to 10?
>> No.
So I ran mergemaster and upgraded zpool from '28' to 'zpool-features'
and installed the new bootcode to ada0 and ada1. The next step
needs to be right before I can reboot.
pfctl and snmp_pf need to be recompiled. Does this mean 'make
clean', 'make', and 'make install' in
/usr/src/usr.sbin/bsnmpd/modules/snmp_pf and /usr/src/sbin/pfctl?
Is either of the directories incorrect or some other combination
of make calls required there?
>>>> Does this mean that I can not update from 9 to 10?
>>> No.
> So I ran mergemaster and upgraded zpool from '28' to 'zpool-features'
> and installed the new bootcode to ada0 and ada1. The next step
> needs to be right before I can reboot.
> pfctl and snmp_pf need to be recompiled. Does this mean 'make
> clean', 'make', and 'make install' in
> /usr/src/usr.sbin/bsnmpd/modules/snmp_pf and /usr/src/sbin/pfctl?
> Is either of the directories incorrect or some other combination
> of make calls required there?
I asked this on 'questions' and no one answered- perhaps they are not running -current. I seem to be stuck with it now since zpool has been upgraded. Is there no one on this list willing to take a moment to let me know if the steps in the previous paragraph which I guess are correct are actually correct? The file /usr/src/UPDATING merely mentions that the modules should be compiled but does not describe it.
Actually, I am becoming suspicious that FreeBSD does not maintain a OpenBSD Packet Firewall that survives upgrades. Perhaps I should just take all of the Packet Firewall stuff out of my kernel and learn to use ipfw2.
Mergemaster was run on Wednesday and the file server just sits there waiting for a couple of commands and a reboot.
On Fri, Sep 21, 2012 at 7:10 PM, Darrel <levi...@iglou.com> wrote:
Welcome to the wonderful world that no one knows how UPDATING works anymore...
-Garrett
_______________________________________________
freebsd-curr...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
> Welcome to the wonderful world that no one knows how UPDATING works anymore...
> -Garrett
Thank you.
Assholes [ pardon me] that they tend to be, with many exceptions- the steps would have been included in an OpenBSD update that required portions
of the tree to be recompiled.
> On Fri, Sep 21, 2012 at 11:14:36PM -0400, Darrel wrote:
>>> Welcome to the wonderful world that no one knows how UPDATING works anymore...
>>> -Garrett
>> Thank you.
>> Assholes [ pardon me] that they tend to be, with many exceptions- the >> steps would have been included in an OpenBSD update that required portions
>> of the tree to be recompiled.
> You should always rebuild the tree in its entirety when upgrading.
> Plus, if you are running -CURRENT, you should expect some things to
> break on occasion. While those cases are not intentional, they do
> happen.
Should is the operable word. If one does something that affects a non-niche group, it's a wise idea to use updating as it was supposed to be used. As it stands updating is neither used nor abused.
Thanks,
-Garrett_______________________________________________
freebsd-curr...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
> Actually, I am becoming suspicious that FreeBSD does not maintain a > OpenBSD Packet Firewall that survives upgrades. Perhaps I should just > take all of the Packet Firewall stuff out of my kernel and learn to use > ipfw2.
> Darrel
On the subject of OpenBSD Packet Firewall
OpenBSD 4.5 version of PF firewall which is included with the base FreeBSD 8.x and 9.x releases is no longer supported by OpenBSD and very back level.
The most current version of OpenBSD is 5.1. PF version 5.0 changed the syntax of the NAT statement making PF no longer backwards compatible which breaks some Freebsd standard, so updated versions of OpenBSD PF will no longer be mass ported to FreeBSD. Any bug fix code to OpenBSD PF will have to be incorporated by hand into FreeBSD's version of PF from this point on.
The following will shine some more light on the subject.
>> Actually, I am becoming suspicious that FreeBSD does not maintain a OpenBSD >> Packet Firewall that survives upgrades. Perhaps I should just take all of >> the Packet Firewall stuff out of my kernel and learn to use ipfw2.
>> Darrel
> On the subject of OpenBSD Packet Firewall
> OpenBSD 4.5 version of PF firewall which is included with the base FreeBSD > 8.x and 9.x releases is no longer supported by OpenBSD and very back level.
> The most current version of OpenBSD is 5.1. PF version 5.0 changed the syntax > of the NAT statement making PF no longer backwards compatible which breaks > some Freebsd standard, so updated versions of OpenBSD PF will no longer be > mass ported to FreeBSD. Any bug fix code to OpenBSD PF will have to be > incorporated by hand into FreeBSD's version of PF from this point on.
> The following will shine some more light on the subject.
Thank you. This information is good to know since I recompiled parts of Packet Firewall and then rebooted the machine with no working Packet Filter as a result.
I have adjusted to the changes and am running OpenBSD 5.1 on my perimeter. Also, I am experimenting with NPF on NetBSD, which has a few bugs but generally works just fine tested with 'nmap' and the like. For FreeBSD, I will change to IPFW. It might be useful anyhow, since I have a Macintosh and will eventually probably get another. I would guess that the Macintosh firewall is still 'ipfw2', or something not too dissimilar.
There is just no sense banging my head against a wall and repearting mistakes that actually do not belong to me by trying to run Packet Filter on FreeBSD.
>> Actually, I am becoming suspicious that FreeBSD does not maintain a OpenBSD >> Packet Firewall that survives upgrades. Perhaps I should just take all of >> the Packet Firewall stuff out of my kernel and learn to use ipfw2.
>> Darrel
> On the subject of OpenBSD Packet Firewall
> OpenBSD 4.5 version of PF firewall which is included with the base FreeBSD > 8.x and 9.x releases is no longer supported by OpenBSD and very back level.
> The most current version of OpenBSD is 5.1. PF version 5.0 changed the syntax > of the NAT statement making PF no longer backwards compatible which breaks > some Freebsd standard, so updated versions of OpenBSD PF will no longer be > mass ported to FreeBSD. Any bug fix code to OpenBSD PF will have to be > incorporated by hand into FreeBSD's version of PF from this point on.
> The following will shine some more light on the subject.
Just for informational purposes, you might not want to do any firewall comparison on the OpenBSD misc list. A Packet Firewall developer responded to me personally, writing that the signal-to-noise ratio was too high and to refrain from posting to the list.
