From nobody Sat Oct 11 19:04:58 2025 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ckY2q4K5Sz6CKCM for ; Sat, 11 Oct 2025 19:05:07 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from smtp-relay-int-backup.realworks.nl (smtp-relay-int-backup.realworks.nl [87.255.56.188]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4ckY2q1lnVz3kV8 for ; Sat, 11 Oct 2025 19:05:07 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Authentication-Results: mx1.freebsd.org; none Received: from smtp-relay-int-backup.realworks.nl (crmpreview3.colo2.realworks.nl [10.2.52.33]) by mailrelayint1.colo2.realworks.nl (Postfix) with ESMTP id 4ckY2g0HSCz10X; Sat, 11 Oct 2025 21:04:58 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=klop.ws; s=rw2; t=1760209499; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to; bh=uic6tEaIqBuwxEqoYBx1RjOOs+wQhKanvnfsNEpIyNs=; b=M7ji6Ty+gBsxM3BByY/QPiyPHGTXaxA50qWABgbo4P3LBgDnI9B+38Jgh603+sXZNbiRO9 //y/fEP+HWKM8mW613F3pxWOkNqG52gpyKbvRyYsUH+BMPo7sLGSdTZ5STRfGR/0+fbiWB 8FmS6Q1zb/xNpDTDJMAS9BLWu7vB2AzOFuFjq2t2J7C7+/hRFIkCCVVoL6RxkOp0LmfRdp /axAvCIB/U4cohDpwC97PX/0atgF1LWfEXVhBIQtuKRJqIlYEWnvKI3qg3oEkAOgJ3q3Zt AVaMicYzzbZEfL95owJfINneAMblN5wsUQI7SyGaXQ/iuE/UVj9GzxVBLay/7Q== Received: from crmpreview3.colo2.realworks.nl (localhost [127.0.0.1]) by crmpreview3.colo2.realworks.nl (Postfix) with ESMTP id C28FA140068; Sat, 11 Oct 2025 21:04:58 +0200 (CEST) Date: Sat, 11 Oct 2025 21:04:58 +0200 (CEST) From: Ronald Klop To: A FreeBSD User Cc: FreeBSD CURRENT Message-ID: <1720635174.15495.1760209498568@localhost> In-Reply-To: <20251011155130.47db5448@thor.sb211.local> Subject: Re: ipfw: ipfw: Adding record failed: Inappropriate ioctl for device List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_15494_1894220882.1760209498563" X-Mailer: Realworks (768.4) X-Originating-Host: from (localhost [127.0.0.1]) by crmpreview3.colo2.realworks.nl [10.2.52.33] with HTTP; Sat, 11 Oct 2025 21:04:58 +0200 Importance: Normal X-Priority: 3 (Normal) X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:38930, ipnet:87.255.32.0/19, country:NL] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Queue-Id: 4ckY2q1lnVz3kV8 ------=_Part_15494_1894220882.1760209498563 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Hi, Are you sure the /sbin/ipfw binary is also from 15-STABLE? Regards, Ronald Van: A FreeBSD User Datum: 11 oktober 2025 15:52 Aan: FreeBSD CURRENT Onderwerp: ipfw: ipfw: Adding record failed: Inappropriate ioctl for device > > > > Hello, > > running a small home brewn firewall appliance based upon FreeBSD 14-STABLE and IPFW, I > switched the base to 15-STABLE (FreeBSD 15.0-STABLE #5 n280665-6eb4708a84d7: Sat Oct 11 > 09:08:00 CEST 2025 amd64). > > Now I face a serious issue with formerly flawless running skripts filling ipfw tables and the > readynes of the system after a reboot. > > tables: > creating some named tables. > Having a list of IPv4 and IPv6 addresses that needed to be blocked, like VoIP Blacklist with > over 35k lines. Each line (IPv4) is > > X.X.X.X/CIDR > > Shell is /bin/sh. > > Reading the file and filling the table like shown below; > tbl_block=foo > > #/usr/bin/env sh > ipfw table $tbl_block create type addr or-flush > while read -r line > do ipfw table $tbl_block atomic add $line > done < /some/path/to/block_file.txt > > The block_file.txt looks like > > [...] > 45.143.220.228/32 > 68.64.211.117/32 > 113.141.70.204/32 > 77.247.110.245/32 > 103.211.36.18/32 > 156.96.63.238/32 > 185.53.88.2/32 > 185.53.88.14/32 > 52.8.201.128/32 > 113.141.70.184/32 > 115.236.54.2/32 > 50.17.48.216/32 > 77.247.108.138/32 > 77.247.110.216/32 > 171.76.62.142/32 > 77.247.110.227/32 > 62.4.15.163/32 > 158.69.242.200/32 > 185.53.88.129/32 > 102.165.39.82/32 > 103.231.139.130/32 > 69.142.172.14/32 > 148.76.71.148/32 > 82.70.244.121/32 > 77.247.109.72/32 > 52.41.52.34/32 > [...] > > While running the skript, each time an address is picked up and inserted to the table, I see > this on the console: > > [...] > added(reverted): 45.143.220.228/32 0 > ipfw: Adding record failed: Inappropriate ioctl for device > added(reverted): 68.64.211.117/32 0 > ipfw: Adding record failed: Inappropriate ioctl for device > added(reverted): 113.141.70.204/32 0 > ipfw: Adding record failed: Inappropriate ioctl for device > added(reverted): 77.247.110.245/32 0 > ipfw: Adding record failed: Inappropriate ioctl for device > > I never saw this happen on 14-STABLE with the very same scripts. What is the cause of this > ioctl issue? > > Thanks and kind regards, > > Oliver > > > > > > > -- > > A FreeBSD user > > > > > > > ------=_Part_15494_1894220882.1760209498563 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Hi,

Are you sure the /sbin/ipfw binary is also from 15-STABLE?

Regards,
Ronald


Van: A FreeBSD User <freebsd@walstatt-de.de>
Datum: 11 oktober 2025 15:52
Aan: FreeBSD CURRENT <freebsd-current@freebsd.org>
Onderwerp: ipfw: ipfw: Adding record failed: Inappropriate ioctl for device

Hello,

running a small home brewn firewall appliance  based upon FreeBSD 14-STABLE and IPFW, I
switched the base to 15-STABLE (FreeBSD 15.0-STABLE #5 n280665-6eb4708a84d7: Sat Oct 11
09:08:00 CEST 2025 amd64).

Now I face a serious issue with formerly flawless running skripts filling ipfw tables and the
readynes of the system after a reboot.

tables:
creating some named tables.
Having a list of IPv4 and IPv6 addresses that needed to be blocked, like VoIP Blacklist with
over 35k lines. Each line (IPv4) is

X.X.X.X/CIDR

Shell is /bin/sh.

Reading the file and filling the table like shown below;
tbl_block=foo

#/usr/bin/env sh
ipfw table $tbl_block create type addr or-flush
while read -r line
do ipfw table $tbl_block atomic add $line
done  < /some/path/to/block_file.txt

The block_file.txt looks like

[...]
45.143.220.228/32
68.64.211.117/32
113.141.70.204/32
77.247.110.245/32
103.211.36.18/32
156.96.63.238/32
185.53.88.2/32
185.53.88.14/32
52.8.201.128/32
113.141.70.184/32
115.236.54.2/32
50.17.48.216/32
77.247.108.138/32
77.247.110.216/32
171.76.62.142/32
77.247.110.227/32
62.4.15.163/32
158.69.242.200/32
185.53.88.129/32
102.165.39.82/32
103.231.139.130/32
69.142.172.14/32
148.76.71.148/32
82.70.244.121/32
77.247.109.72/32
52.41.52.34/32
[...]

While running the skript, each time an address is picked up and inserted to the table, I see
this on the console:

[...]
added(reverted): 45.143.220.228/32 0
ipfw: Adding record failed: Inappropriate ioctl for device
added(reverted): 68.64.211.117/32 0
ipfw: Adding record failed: Inappropriate ioctl for device
added(reverted): 113.141.70.204/32 0
ipfw: Adding record failed: Inappropriate ioctl for device
added(reverted): 77.247.110.245/32 0
ipfw: Adding record failed: Inappropriate ioctl for device

I never saw this happen on 14-STABLE with the very same scripts. What is the cause of this
ioctl issue?

Thanks and kind regards,

Oliver






-- 

A FreeBSD user



------=_Part_15494_1894220882.1760209498563--