Date: Sun, 20 Oct 2002 15:18:41 -0400 (EDT)
From: Chris Pepper <pepper@rockefeller.edu>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: Luigi Rizzo <luigi@FreeBSD.org>
Subject: kern/44311: IPFW2 broken in recent 4.7-STABLE??
Message-ID: <20021020191841.4DF27AA8B@www.reppep.com>
>Number:         44311
>Category:       kern
>Synopsis:       IPFW2 broken in recent 4.7-STABLE??
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 20 12:20:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Chris Pepper
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
>Environment:
System: FreeBSD www.reppep.com 4.7-STABLE FreeBSD 4.7-STABLE #4: Sun Oct 20 01:54:39 EDT 2002 root@www.reppep.com:/usr/obj/usr/src/sys/GENERIC i386

>Description:
Last night I enabled IPFW in /etc/rc.conf with the "open" ruleset. Traffic was flowing, and "ipfw -atNde l" showed the expected 5 rules. Here are my entries from rc.conf:

    firewall_enable="YES"               # Set to YES to enable firewall functionality
    firewall_script="/etc/rc.firewall"  # Which script to run to set up the firewall
    firewall_type="open"                # Firewall type (see /etc/rc.firewall)
    firewall_quiet="NO"                 # Set to YES to suppress rule display
    firewall_logging="YES"              # Set to YES to enable events logging
    firewall_flags=""                   # Flags passed to ipfw when type is a file

Half an hour ago, I added IPFW2=TRUE to /etc/make.conf and rebuilt my kernel from a cvsup this morning, and IPFW stopped passing traffic (no access in or out of the box, Samba and other daemons started reporting permission denied errors).

"ipfw -atNde l" returned the following (repeating over 100mb without line breaks, before I gave up and stopped it):

    [www:~] root# more ipfw-atNde-l.txt
    00141 38749194944512 0 ip from any to any [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0]
    [opcode 0 len 0] [opcode 0 len 0] [opcode

firewall_enable="NO" in /etc/rc.conf restored connectivity, but I would like to get IPFW2 working so I can use OR rules.

>How-To-Repeat:
Rebuild current 4.7-STABLE with IPFW2=TRUE in /etc/make.conf; enable IPFW with "open" type firewall in /etc/rc.conf. Attempt to pass traffic or open listeners.

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message