From owner-freebsd-questions@FreeBSD.ORG Mon Aug 3 09:36:03 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8D1A6106566B for ; Mon, 3 Aug 2009 09:36:03 +0000 (UTC) (envelope-from bounces@nabble.com) Received: from kuber.nabble.com (kuber.nabble.com [216.139.236.158]) by mx1.freebsd.org (Postfix) with ESMTP id 672978FC0C for ; Mon, 3 Aug 2009 09:36:03 +0000 (UTC) (envelope-from bounces@nabble.com) Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1MXtxa-00029P-KA for freebsd-questions@freebsd.org; Mon, 03 Aug 2009 02:36:02 -0700 Message-ID: <24787848.post@talk.nabble.com> Date: Mon, 3 Aug 2009 02:36:02 -0700 (PDT) From: sailer To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-From: sailer.shen@gmail.com Subject: "ioctl (SIOCIPFL6): input/output error." when start ipfilter at freebsd 7.2 x64 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Aug 2009 09:36:03 -0000 This is my freebsd 7.2: [code] FreeBSD fbsd.test.com 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Mon Aug 3 06:40:56 UTC 2009 root@vfbsd.shstorm.com:/usr/src/sys/amd64/compile/kernel_IPF amd64 [/code] In kenrel_IPF, I add these lines: [code] options IPFILTER options IPFILTER_LOG [/code] Add these lines in /etc/rc.conf: [code] ipfilter_enable="YES" ipfilter_program="/sbin/ipf" ipfilter_rules="/etc/ipf.rules" ipfilter_flags="-D" ipmon_enable="YES" ipmon_flags="-D /var/log/ipfilter.log" [/code] This is /etc/ipf.rules: [code] pass out quick on lo0 all pass in quick on lo0 all block in on re0 all block out on re0 all block in log quick all with short block in log quick all with ipopts block in log quick all with frag block in log quick all with opt lsrr block in log quick all with opt ssrr pass in on re0 proto tcp from any to any port = 80 flags S/SA keep state pass in on re0 proto tcp from any to any port = 22 flags S/SA keep state pass in on re0 proto tcp from any to any port = ftp flags S/SA keep state pass in on re0 proto tcp from any to any port = ftp-data flags S/SA keep state pass in on re0 proto tcp from any to any port 30000 >< 50001 flags S/SA keep state [/code] When start system, it shows some error messages: [code] ...... Enabling ipfilter ioctl (SIOCIPFL6): input/output error. ...... [/code] Who can help me? -- View this message in context: http://www.nabble.com/%22ioctl-%28SIOCIPFL6%29%3A-input-output-error.%22-when-start-ipfilter-at-freebsd-7.2-x64-tp24787848p24787848.html Sent from the freebsd-questions mailing list archive at Nabble.com.