info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Significant missing item in 11.0 release notes
2 views
Skip to first unread message
Kevin Oberman
Jul 31, 2016, 3:28:31 PM7/31/16
to
This morning I updated my min user system from 10.3-Stable to 11.0-BETA3.
In general, things went well, but I had two issues that prevented the
network from operating. the first is a lack of documentation in the Release
Notes and the second is a driver issue. Since they are in no way related,
I'll send the report of the driver issue later.
I use ipfw(8) tables in my firewall configuration. Unfortunately, 11.0 has
introduced a totally re-worked tables structure. The new structure is
awesome and I read about it at the time the changes were being planned and
implemented, but had forgotten. As a result the very first line in my
configuration, "table 1 flush" was no longer valid and the remainder of the
file was ignored.
I assumed that I had missed this in the release notes, but I can find no
reference to this significant change that simultaneously greatly enhanced
ipfw table functionality, but also broke my configuration. While the fix
was trivial, if the Release Notes had addressed this, I would not have had
the problem in the first place.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkob...@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
_______________________________________________
freebsd...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stabl...@freebsd.org"
In general, things went well, but I had two issues that prevented the
network from operating. the first is a lack of documentation in the Release
Notes and the second is a driver issue. Since they are in no way related,
I'll send the report of the driver issue later.
I use ipfw(8) tables in my firewall configuration. Unfortunately, 11.0 has
introduced a totally re-worked tables structure. The new structure is
awesome and I read about it at the time the changes were being planned and
implemented, but had forgotten. As a result the very first line in my
configuration, "table 1 flush" was no longer valid and the remainder of the
file was ignored.
I assumed that I had missed this in the release notes, but I can find no
reference to this significant change that simultaneously greatly enhanced
ipfw table functionality, but also broke my configuration. While the fix
was trivial, if the Release Notes had addressed this, I would not have had
the problem in the first place.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkob...@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
_______________________________________________
freebsd...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stabl...@freebsd.org"
Ian Smith
Aug 1, 2016, 5:29:04 AM8/1/16
to
On Sun, 31 Jul 2016 12:28:06 -0700, Kevin Oberman wrote:
> This morning I updated my min user system from 10.3-Stable to 11.0-BETA3.
> In general, things went well, but I had two issues that prevented the
> network from operating. the first is a lack of documentation in the Release
> Notes and the second is a driver issue. Since they are in no way related,
> I'll send the report of the driver issue later.
>
> I use ipfw(8) tables in my firewall configuration. Unfortunately, 11.0 has
> introduced a totally re-worked tables structure. The new structure is
> awesome and I read about it at the time the changes were being planned and
> implemented, but had forgotten. As a result the very first line in my
> configuration, "table 1 flush" was no longer valid and the remainder of the
> file was ignored.
>
> I assumed that I had missed this in the release notes, but I can find no
> reference to this significant change that simultaneously greatly enhanced
> ipfw table functionality, but also broke my configuration. While the fix
> was trivial, if the Release Notes had addressed this, I would not have had
> the problem in the first place.
I don't see this as a Release Notes issue - though I guess it will be if
> This morning I updated my min user system from 10.3-Stable to 11.0-BETA3.
> In general, things went well, but I had two issues that prevented the
> network from operating. the first is a lack of documentation in the Release
> Notes and the second is a driver issue. Since they are in no way related,
> I'll send the report of the driver issue later.
>
> I use ipfw(8) tables in my firewall configuration. Unfortunately, 11.0 has
> introduced a totally re-worked tables structure. The new structure is
> awesome and I read about it at the time the changes were being planned and
> implemented, but had forgotten. As a result the very first line in my
> configuration, "table 1 flush" was no longer valid and the remainder of the
> file was ignored.
>
> I assumed that I had missed this in the release notes, but I can find no
> reference to this significant change that simultaneously greatly enhanced
> ipfw table functionality, but also broke my configuration. While the fix
> was trivial, if the Release Notes had addressed this, I would not have had
> the problem in the first place.
it cannot be quickly fixed before 11.0-RELEASE - but as a very serious
and - as far as I know - unreported regression in ipfw(8).
In 18 years I cannot recall any addition of features, or additional
options for existing features, that caused any breakage of existing
rulesets. What on earth could be invalid about "table 1 flush"?
cc'ing ipfw@, which is most likely where this should be discussed ..
cheers, Ian
Andrey V. Elsukov
Aug 1, 2016, 9:42:02 AM8/1/16
to
On 31.07.16 22:28, Kevin Oberman wrote:
> I assumed that I had missed this in the release notes, but I can find no
> reference to this significant change that simultaneously greatly enhanced
> ipfw table functionality, but also broke my configuration. While the fix
> was trivial, if the Release Notes had addressed this, I would not have had
> the problem in the first place.
I fixed this in r303615. Thanks for the report!
> I assumed that I had missed this in the release notes, but I can find no
> reference to this significant change that simultaneously greatly enhanced
> ipfw table functionality, but also broke my configuration. While the fix
> was trivial, if the Release Notes had addressed this, I would not have had
> the problem in the first place.
--
WBR, Andrey V. Elsukov
Ian Smith
Aug 1, 2016, 11:43:49 AM8/1/16
to
the new tables section in 11.0-R ipfw(8), that Kevin had run into:
Tables require explicit creation via create before use.
but diving - not too deeply - into the log of /head/sbin/ipfw/tables.c
from your commit, I think that statement must be out of date, at least
regarding existing ruleset table configuration? Is that right?
Andrey V. Elsukov
Aug 1, 2016, 11:49:50 AM8/1/16
to
On 01.08.16 18:43, Ian Smith wrote:
> Fast work Andrey, and sorry for rushing in. I ASSumed, after reading
> the new tables section in 11.0-R ipfw(8), that Kevin had run into:
>
> Tables require explicit creation via create before use.
>
> but diving - not too deeply - into the log of /head/sbin/ipfw/tables.c
> from your commit, I think that statement must be out of date, at least
> regarding existing ruleset table configuration? Is that right?
If you want to use some new specific feature you need to create table
> Fast work Andrey, and sorry for rushing in. I ASSumed, after reading
> the new tables section in 11.0-R ipfw(8), that Kevin had run into:
>
> Tables require explicit creation via create before use.
>
> but diving - not too deeply - into the log of /head/sbin/ipfw/tables.c
> from your commit, I think that statement must be out of date, at least
> regarding existing ruleset table configuration? Is that right?
explicitly. But for old rules generic tables will be created
automatically (with warning).
Ian Smith
Aug 1, 2016, 1:03:23 PM8/1/16
to
Kevin Oberman
Aug 1, 2016, 6:36:05 PM8/1/16
to
Thanks for the quick fix, Andrey! Now that this is taken care of, time to
start playing with the cool new features... especially naming tables.
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkob...@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
start playing with the cool new features... especially naming tables.
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkob...@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
0 new messages