From owner-freebsd-current@freebsd.org Thu Apr 6 14:54:51 2017 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A2633D32B18 for ; Thu, 6 Apr 2017 14:54:51 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-io0-x230.google.com (mail-io0-x230.google.com [IPv6:2607:f8b0:4001:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 74EFF3F3 for ; Thu, 6 Apr 2017 14:54:51 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-io0-x230.google.com with SMTP id f84so31144562ioj.0 for ; Thu, 06 Apr 2017 07:54:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=xzKU2F5gH7C1d9Kv9s5/Ou8gLf7Et3JnFurmg/mZCrc=; b=gtrmxUDq3iBlW1lDa/p/RC6qObfVOLS6dtmvIHc/lz5woS07K8e671CX8ZEIA4ReXx OtVu8mFwI3eYMeCFeh6HerFdFXr0QrqgVC6U/0Oja1yPLRQ34DfjznDNWdZ9Aial/fZL jqu5hWA5eZaQdbfDS93GH9XqFhhklK3JBA53SY+/s+WQDWl98xaspftofGrjXBCp3nmC RJdDtSiHIVEUHcF0DbPytjRoWFhe9NZauPWmLKdTa9Bbh2hXqGPNoTwbsxZX7BSw07aG Akp9isDJw5T1ydk6Z7Fh8CHi+BB94CkenlGsptWbqkqwRvikkdQa6I3Ec3m3WK7ci8kt EmkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=xzKU2F5gH7C1d9Kv9s5/Ou8gLf7Et3JnFurmg/mZCrc=; b=Ehe3Vqe/dK5i8N8fDRXSC2EgqW2eiTxgwdxSR1u8eLHs8IG+KZbztr+nvJf6IgFnLt gN1nfHNqzA5s4bpjiph9qBDO1COySlu0tMZ39PUiXIhyfN3+vRfu4nWREvknHs2OJIJ6 Oh4fAXRqxIuwXUV2yNzzjNyKHIl5oM0unFYsJvZAChw3BJVzCwPdLroRipr7USgVsp6Y TKtDC57UfgPl9h9uN9M1yBhKPUI+9y/dG3/PFNORrKi9Smr3b0j2q0xElqh0QxqDzY2K IXFBy0lur0v4RCKUhaDiADbzGpqsC25UGcvM+C1zlFUnWrG9b5Cc1fVz6da2Ed7ZS7EV 5QhA== X-Gm-Message-State: AFeK/H2IimuSuKq0jhn1Pq7xTciZbDwXCme1Z+mpYoSVXloRh4qVLW6IEFCdfx+jqxo37A== X-Received: by 10.107.131.211 with SMTP id n80mr34194032ioi.210.1491490490736; Thu, 06 Apr 2017 07:54:50 -0700 (PDT) Received: from [10.0.10.3] (cpe-74-141-88-57.neo.res.rr.com. [74.141.88.57]) by smtp.googlemail.com with ESMTPSA id x127sm948692itg.26.2017.04.06.07.54.49 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 06 Apr 2017 07:54:50 -0700 (PDT) Message-ID: <58E656C6.8000801@gmail.com> Date: Thu, 06 Apr 2017 10:55:02 -0400 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Cy Schubert CC: FreeBSD current Subject: Re: Is ipfilter firewall with ippool working? References: <201704051938.v35Jc32X071880@slippy.cwsent.com> In-Reply-To: <201704051938.v35Jc32X071880@slippy.cwsent.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Apr 2017 14:54:51 -0000 Cy Schubert wrote: > In message <58E50379.6090406@gmail.com>, Ernie Luzar writes: >> I have been a ipfilter user since Freebsd 3.0 without any complaints. >> Now I'm trying to get ippool to function. I have been able to add a >> pool, but now I want to refresh it's contents. From what I read in "man >> 8 ippool", I have to remove the pool from core and then re-add it with >> the complete new content. When I issue this command to remove the named >> ippool from core, I get message saying "Segmentation fault (core >> dumped)" and the system continues as normal. >> >> ippool -R -m unsolicited >> >> I know that in 2016 ipfilter was forked and updated to be freebsd >> friendly. Thinking maybe something in the kernel code was changed that >> now is causing this problem. I'm running release 11.0. >> >> Is there anyone out there who has ipfilter/ippool working? > > Hi, > > I use ipfilter (and have for a couple of decades on Solaris and FreeBSD). > We haven't forked it but we are fixing bugs and pushing them upstream. > > Looking at the ippool source, this is another case of the source or man > page being incorrect. Looking at earlier versions of the source and man > pages, it appears to have been broken for almost forever. This is not the > first command line parsing issue or man page discrepancy in ipfilter. > > Can you please file a PR and assign it to me? The todos will be to: > > 1. Determine whether the man page or the code is correct. > 2. Verify that all arguments are parsed (and subsequently processes). > 3. Verify that correct error messages are produced as appropriate. > > For now you can issue ippool -R -m unsolicited POOL_TYPE, where pool type > is documented in the man page with -t (though that will also need to be > verified). The ippool parser thinks the pool type is a positional argument > not an option. > > I'd like to verify Darren Reed's (original author's) intention before > blindly "fixing" anything. > > Thank you for taking on this project to fix ippool. I have stumbled across many items that don't work as documented or the documentation doesn't provide enough information about the required syntax. Yes I can submit a pr. I will add to your to-do list pointing out things that need addressing. I have already tried "ippool -R -m unsolicited -t tree" and it gives error ilegal option --t The usage of this command is to remove the named pool from running in core so it can be re-added in mass with updated content. I can all most do the same thing using this command sequence ippool -f /etc/ippool.conf -u this unloads all the entries but leaves the pool name in place then this command reloads in mass ippool -f /etc/ippool.conf Can you suggest some other way the get ippool -R command working?