Date: Sat, 11 Oct 2025 13:49:23 -0700 From: David Wolfskill <david@catwhisker.org> To: A FreeBSD User <freebsd@walstatt-de.de> Cc: FreeBSD CURRENT <freebsd-current@freebsd.org> Subject: Re: ipfw: ipfw: Adding record failed: Inappropriate ioctl for device Message-ID: <aOrC07D8zjuU72UP@albert.catwhisker.org> In-Reply-To: <20251011155130.47db5448@thor.sb211.local> References: <20251011155130.47db5448@thor.sb211.local>
next in thread | previous in thread | raw e-mail | index | archive | help
--H2Nh7Zfw+SJ99gYO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Oct 11, 2025 at 03:51:15PM +0200, A FreeBSD User wrote: > Hello, >=20 > running a small home brewn firewall appliance based upon FreeBSD 14-STAB= LE and IPFW, I > switched the base to 15-STABLE (FreeBSD 15.0-STABLE #5 n280665-6eb4708a84= d7: Sat Oct 11 > 09:08:00 CEST 2025 amd64). >=20 > Now I face a serious issue with formerly flawless running skripts filling= ipfw tables and the > readynes of the system after a reboot. > ... I believe that I have a simple reproduction of (the core of) the problem: g1-48(15.0-S)[82] pwd /tmp g1-48(15.0-S)[83] uname -aUK FreeBSD g1-48.catwhisker.org 15.0-STABLE FreeBSD 15.0-STABLE #454 stable/15= -n280665-6eb4708a84d7: Sat Oct 11 14:58:22 UTC 2025 root@g1-48.catwhisk= er.org:/common/S3/obj/usr/src/amd64.amd64/sys/CANARY amd64 1500500 1500500 g1-48(15.0-S)[84] ipfw table 1 flush g1-48(15.0-S)[85] ipfw table 1 list g1-48(15.0-S)[86] cat t1 table 1 add 1.0.1.0/24 table 1 add 1.0.2.0/23 table 1 add 1.0.8.0/21 table 1 add 1.0.32.0/19 table 1 add 1.1.0.0/24 table 1 add 1.1.2.0/23 table 1 add 1.1.4.0/22 table 1 add 1.1.9.0/24 table 1 add 1.1.10.0/23 table 1 add 1.1.12.0/22 g1-48(15.0-S)[87] cat t1 | /sbin/ipfw /dev/stdin added: 1.0.1.0/24 0 Line 1: Adding record failed: Inappropriate ioctl for device g1-48(15.0-S)[88] ipfw table 1 list 1.0.1.0/24 0 g1-48(15.0-S)[89] ipfw table 1 flush g1-48(15.0-S)[90] ipfw table 1 list g1-48(15.0-S)[91] /sbin/ipfw /tmp/t1 added: 1.0.1.0/24 0 added: 1.0.2.0/23 0 added: 1.0.8.0/21 0 added: 1.0.32.0/19 0 added: 1.1.0.0/24 0 added: 1.1.2.0/23 0 added: 1.1.4.0/22 0 added: 1.1.9.0/24 0 added: 1.1.10.0/23 0 added: 1.1.12.0/22 0 g1-48(15.0-S)[92] ipfw table 1 list 1.0.1.0/24 0 1.0.2.0/23 0 1.0.8.0/21 0 1.0.32.0/19 0 1.1.0.0/24 0 1.1.2.0/23 0 1.1.4.0/22 0 1.1.9.0/24 0 1.1.10.0/23 0 1.1.12.0/22 0 g1-48(15.0-S)[93]=20 So it seems that /sbin/ipfw no longer copes with reading from /dev/stdin, but is OK reading from a regular file. (I had observed the same behavior in main-n281059-2d9fd2c573c3, now that I know to look for it.) (I note that I had been using a construct involving piping the "table add" commands to /sbin/ipfw since 2008, shortly after getting the nudge from Julian to populate a table from a file, rather than invoking /sbin/ipfw for each table entry.) Peace, david --=20 David H. Wolfskill david@catwhisker.org See https://www.catwhisker.org/~david/publickey.gpg for my public key. --H2Nh7Zfw+SJ99gYO Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iNUEARYKAH0WIQSTLzOSbomIK53fjFliipiWhXYx5QUCaOrC018UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0OTMy RjMzOTI2RTg5ODgyQjlEREY4QzU5NjI4QTk4OTY4NTc2MzFFNQAKCRBiipiWhXYx 5XrgAQCH/T34+S3Ymrv7zpk5Z/jlZ2H34+kH5923QN0gLn+EwQEAr2gQUzsSCvso bwMe6UuDiNgISpCIDVP1fzdy82aenw4= =u7kj -----END PGP SIGNATURE----- --H2Nh7Zfw+SJ99gYO--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?aOrC07D8zjuU72UP>