Olpag писал(а): undefined писал(а): Возможно, у Вас ядро осталось старое и модули?
# grep -A 2 'TYPE="' /usr/src/sys/conf/newvers.sh
TYPE="FreeBSD"
REVISION="9.3"
BRANCH="RELEASE-p36"
Пересобрал ядро, ничего не изменилось
# uname -a
FreeBSD swro 9.3-RELEASE-p36 FreeBSD 9.3-RELEASE-p36 #0: Wed Mar 2 11:30:43 EET 2016 root@swro:/usr/obj/usr/src/sys/GENERIC amd64
# grep ipfw /var/log/dmesg.today
ipfw2 (+ipv6) initialized, divert loadable, nat loadable,
rule-based forwarding disabled, default to deny, logging disabled
Эксперимент:
1. Чистый 9.3-RELEASE с GENERIC - проблем нет
2. Upgrade 9.3 + GENERIC - проблем нет
Fresh install:
- kernel GENERIC
- ipfw not loaded
root@bsd93:~ # uname -a
FreeBSD bsd93.lan.home.ru 9.3-RELEASE FreeBSD 9.3-RELEASE #0 r268512: Thu Jul 10 23:44:39 UTC 2014 root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
root@bsd93:~ # kldstat
Id Refs Address Size Name
1 1 0xffffffff80200000 1611638 kernel
root@bsd93:~ # ipfw list
ipfw: getsockopt(IP_FW_GET): Protocol not available
root@bsd93:~ # grep -i firewall /etc/rc.conf
firewall_enable="NO"
firewall_script="/etc/rc.firewall"
firewall_type="UNKNOWN"
firewall_quiet="NO"
firewall_logging="YES"
root@bsd93:~ # grep ipfw /var/run/dmesg.boot
root@bsd93:~ #
- changing /etc/rc.conf
firewall_enable="YES"
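- loading kernel module ipfw (with firewall_type="UNKNOWN" only the loopback and IPv6 ICMP rules listed below are installed, so the "default to deny" policy applies to all other traffic)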
root@bsd93:~ # service ipfw start
ipfw2 (+ipv6) initialized, divert loadable, nat loadable, default to deny, logging disabled
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
Firewall rules loaded.
Firewall logging enabled.
root@bsd93:~ # grep ipfw /var/log/messages
Mar 2 15:00:01 bsd93 kernel: ipfw2 (+ipv6) initialized, divert loadable, nat loadable, default to deny, logging disabled
root@bsd93:~ #
- disable firewall loading in /etc/rc.conf
firewall_enable="NO"
- upgrade freebsd 9.3-RELENG
# freebsd-update fetch
# freebsd-update install
# reboot
root@bsd93:~ # uname -a
FreeBSD bsd93.lan.home.ru 9.3-RELEASE-p33 FreeBSD 9.3-RELEASE-p33 #0: Wed Jan 13 17:55:39 UTC 2016 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
root@bsd93:~ # kldstat
Id Refs Address Size Name
1 1 0xffffffff80200000 16116a0 kernel
root@bsd93:~ # ipfw list
ipfw: getsockopt(IP_FW_GET): Protocol not available
root@bsd93:~ #
- enable firewall loading in /etc/rc.conf
firewall_enable="YES"
- load firewall
root@bsd93:~ # service ipfw start
ipfw2 (+ipv6) initialized, divert loadable, nat loadable, default to deny, logging disabled
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
Firewall rules loaded.
Firewall logging enabled.
root@bsd93:~ #