This morning I updated my min user system from 10.3-Stable to 11.0-BETA3. In general, things went well, but I had two issues that prevented the network from operating. The first is a lack of documentation in the Release Notes and the second is a driver issue. Since they are in no way related, I'll send the report of the driver issue later.

I use ipfw(8) tables in my firewall configuration. Unfortunately, 11.0 has introduced a totally re-worked tables structure. The new structure is awesome and I read about it at the time the changes were being planned and implemented, but had forgotten. As a result the very first line in my configuration, "table 1 flush" was no longer valid and the remainder of the file was ignored.

I assumed that I had missed this in the release notes, but I can find no reference to this significant change that simultaneously greatly enhanced ipfw table functionality, but also broke my configuration. While the fix was trivial, if the Release Notes had addressed this, I would not have had the problem in the first place.

--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman at gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

On Sun, 31 Jul 2016 12:28:06 -0700, Kevin Oberman wrote:
> This morning I updated my min user system from 10.3-Stable to 11.0-BETA3.
> In general, things went well, but I had two issues that prevented the
> network from operating. the first is a lack of documentation in the Release
> Notes and the second is a driver issue. Since they are in no way related,
> I'll send the report of the driver issue later.
>
> I use ipfw(8) tables in my firewall configuration. Unfortunately, 11.0 has
> introduced a totally re-worked tables structure. The new structure is
> awesome and I read about it at the time the changes were being planned and
> implemented, but had forgotten. As a result the very first line in my
> configuration, "table 1 flush" was no longer valid and the remainder of the
> file was ignored.
>
> I assumed that I had missed this in the release notes, but I can find no
> reference to this significant change that simultaneously greatly enhanced
> ipfw table functionality, but also broke my configuration. While the fix
> was trivial, if the Release Notes had addressed this, I would not have had
> the problem in the first place.

I don't see this as a Release Notes issue - though I guess it will be if it cannot be quickly fixed before 11.0-RELEASE - but as a very serious and - as far as I know - unreported regression in ipfw(8).

In 18 years I cannot recall any addition of features, or additional options for existing features, that caused any breakage of existing rulesets.

What on earth could be invalid about "table 1 flush"?

cc'ing ipfw@, which is most likely where this should be discussed ..

cheers, Ian

On 31.07.16 22:28, Kevin Oberman wrote:
> I assumed that I had missed this in the release notes, but I can find no
> reference to this significant change that simultaneously greatly enhanced
> ipfw table functionality, but also broke my configuration. While the fix
> was trivial, if the Release Notes had addressed this, I would not have had
> the problem in the first place.

I fixed this in r303615. Thanks for the report!

--
WBR, Andrey V. Elsukov