I tried upgrading my server from 5.4 to 6.0 the other day. I noticed a couple of things: pfctl does not work with 6.0. It complains about certain ioctls, so I would assume that the interface has changed. pf(4) on the FreeBSD website should show you the difference. This was rather inconvenient, because (as I'm sure you probably know) if you load pf.ko, the default is deny, and therefore ssh doesn't work. Luckily, the server sits in my apartment, so I could log in via the console. bind9, while not stellar on 5.4, hangs on 6.0. On 5.4, it eventually returns SERVFAIL for every request. On 6.0, it won't even start. This may have been fixed, as I last experienced this a while ago, since I got rid of bind9 and replaced it with pdns-{server,recursor}, which has had no problems at all. I don't know what y'all think, but I personally wouldn't mind a bit if we didn't support bind9. Upon reinstalling 5.4 and rebooting into it, I found NAT didn't work. After several hours, I finally discovered it was because IP forwarding wasn't enabled, even though I had it in /etc/sysctl.conf. When I ran sysctl to load it, I found that /bin/sysctl (the wrapper) was still calling sysctl.real for that case. I changed it to /lib/freebsd/sysctl, and all was well. So, in order, someone should probably pull a diff of pfctl from 6.0, and see if they can hack it to support both at once (deciding by uname, I guess). I might do this if I have some time. If someone wants to know about bind9, I can load it up on my kfreebsd partition on my desktop. Assuming the package supports it, I'll compile it with debugging and run it in gdb. Finally, the sysctl issue is a two line fix, which can be done with the ex command: %s/sysctl.real/\/lib\/freebsd\/sysctl/g Thanks for your attention, bmc
Attachment:
signature.asc
Description: This is a digitally signed message part