Aloha world,
I have questions regarding my security update with freebsd-update.
So, originally I was running a custom kernel and having to recompile and install after receiving an update. I decided I want to run GENERIC so I could just update without hassles. My main reason for a custom kernel was to run dummynet. I figured out how to run dummynet and ipfw with /etc/rc.conf and /boot/loader.conf. I copied over GENERIC and ran
I then ran:
I now see the correct version.
Next time there's an update, can I simply run the update commands and expect it to work? My GENERIC is unmodified. I had a suspicion that I needed to install GENERIC to see the correct version.
I have IPFW running like it was before but what bothers me is that /var/run/dmesg.boot shows logging disabled.
/etc/sysctl.conf
/boot/loader.conf
/etc/rc.conf
I for the life of me cannot get logging enabled in dmesg, but I confirmed my security file is logging.
/var/run/dmesg.boot
Here is the
I have questions regarding my security update with freebsd-update.
So, originally I was running a custom kernel and having to recompile and install after receiving an update. I decided I want to run GENERIC so I could just update without hassles. My main reason for a custom kernel was to run dummynet. I figured out how to run dummynet and ipfw with /etc/rc.conf and /boot/loader.conf. I copied over GENERIC and ran
freebsd-update fetch
and freebsd-update install
expecting 9.1-RELEASE-p9. But I was still seeing 9.1-RELEASE-p7.I then ran:
cd /usr/src
make buildkernel KERNCONF=GENERIC
make installkernel KERNCONF=GENERIC
I now see the correct version.
Next time there's an update, can I simply run the update commands and expect it to work? My GENERIC is unmodified. I had a suspicion that I needed to install GENERIC to see the correct version.
I have IPFW running like it was before but what bothers me is that /var/run/dmesg.boot shows logging disabled.
/etc/sysctl.conf
Code:
net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=5
Code:
net.inet.ip.fw.default_to_accept="1"
net.inet.ip.fw.verbose="1"
net.inet.ip.fw.verbose_limit="5"
/etc/rc.conf
Code:
firewall_enable="YES"
firewall_logging="YES"
firewall_type="open"
firewall_script="/etc/fire"
I for the life of me cannot get logging enabled in dmesg, but I confirmed my security file is logging.
/var/run/dmesg.boot
Code:
ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based forwarding disabled, default to accept, logging disabled
root@yeaguy:/root #
Here is the
sysctl -a
Code:
net.inet.ip.fw.static_count: 37
net.inet.ip.fw.default_to_accept: 1
net.inet.ip.fw.tables_max: 128
net.inet.ip.fw.default_rule: 65535
net.inet.ip.fw.verbose_limit: 5
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.enable: 1
net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_buckets: 256