From owner-freebsd-bugs Sun Oct 20 12:20: 5 2002
Message-Id: <20021020191841.4DF27AA8B@www.reppep.com>
Date: Sun, 20 Oct 2002 15:18:41 -0400 (EDT)
From: Chris Pepper
Reply-To: Chris Pepper
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: Luigi Rizzo
X-Send-Pr-Version: 3.113
Subject: kern/44311: IPFW2 broken in recent 4.7-STABLE??
Sender: owner-freebsd-bugs@FreeBSD.ORG

>Number: 44311
>Category: kern
>Synopsis: IPFW2 broken in recent 4.7-STABLE??
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Oct 20 12:20:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Chris Pepper
>Release: FreeBSD 4.7-STABLE i386
>Organization:
>Environment:
System: FreeBSD www.reppep.com 4.7-STABLE FreeBSD 4.7-STABLE #4: Sun Oct 20 01:54:39 EDT 2002 root@www.reppep.com:/usr/obj/usr/src/sys/GENERIC i386

>Description:
Last night I enabled IPFW in /etc/rc.conf with the "open" ruleset. Traffic was flowing, and "ipfw -atNde l" showed the expected 5 rules. Here are my entries from rc.conf:

    firewall_enable="YES"                # Set to YES to enable firewall functionality
    firewall_script="/etc/rc.firewall"   # Which script to run to set up the firewall
    firewall_type="open"                 # Firewall type (see /etc/rc.firewall)
    firewall_quiet="NO"                  # Set to YES to suppress rule display
    firewall_logging="YES"               # Set to YES to enable events logging
    firewall_flags=""                    # Flags passed to ipfw when type is a file

Half an hour ago, I added IPFW2=TRUE to /etc/make.conf and rebuilt my kernel from a cvsup this morning, and IPFW stopped passing traffic (no access in or out of the box, Samba and other daemons started reporting permission denied errors).

"ipfw -atNde l" returned the following (repeating over 100mb without line breaks, before I gave up and stopped it):

    [www:~] root# more ipfw-atNde-l.txt
    00141 38749194944512 0 ip from any to any
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode

firewall_enable="NO" in /etc/rc.conf restored connectivity, but I would like to get IPFW2 working so I can use OR rules.

>How-To-Repeat:
Rebuild current 4.7-STABLE with IPFW2=TRUE in /etc/make.conf; enable IPFW with "open" type firewall in /etc/rc.conf. Attempt to pass traffic or open listeners.

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: