From: Cy Schubert
Reply-to: Cy Schubert
To: Ernie Luzar
cc: FreeBSD current
Subject: Re: Is ipfilter firewall with ippool working?
In-Reply-To: Message from Ernie Luzar of "Wed, 05 Apr 2017 10:47:21 -0400." <58E50379.6090406@gmail.com>
Message-Id: <201704051938.v35Jc32X071880@slippy.cwsent.com>
Date: Wed, 05 Apr 2017 12:38:03 -0700
List-Id: Discussions about the use of FreeBSD-current

In message <58E50379.6090406@gmail.com>, Ernie Luzar writes:
> I have been an ipfilter user since FreeBSD 3.0 without any complaints.
> Now I'm trying to get ippool to function. I have been able to add a
> pool, but now I want to refresh its contents. From what I read in "man
> 8 ippool", I have to remove the pool from core and then re-add it with
> the complete new content. When I issue this command to remove the named
> ippool from core, I get message saying "Segmentation fault (core
> dumped)" and the system continues as normal.
>
> ippool -R -m unsolicited
>
> I know that in 2016 ipfilter was forked and updated to be FreeBSD
> friendly. Thinking maybe something in the kernel code was changed that
> now is causing this problem. I'm running release 11.0.
>
> Is there anyone out there who has ipfilter/ippool working?

Hi,

I use ipfilter (and have for a couple of decades on Solaris and FreeBSD).
We haven't forked it but we are fixing bugs and pushing them upstream.

Looking at the ippool source, this is another case of the source or man
page being incorrect. Looking at earlier versions of the source and man
pages, it appears to have been broken for almost forever. This is not the
first command line parsing issue or man page discrepancy in ipfilter.

Can you please file a PR and assign it to me? The todos will be to:

1. Determine whether the man page or the code is correct.
2. Verify that all arguments are parsed (and subsequently processed).
3. Verify that correct error messages are produced as appropriate.

For now you can issue ippool -R -m unsolicited POOL_TYPE, where pool type
is documented in the man page with -t (though that will also need to be
verified). The ippool parser thinks the pool type is a positional argument
not an option.

I'd like to verify Darren Reed's (original author's) intention before
blindly "fixing" anything.

--
Cheers,
Cy Schubert
FreeBSD UNIX: Web: http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.