Date: Wed, 10 Mar 2004 10:31:22 -0600
From: "Waif W. Urchin" <jhorvath@frabill.com>
To: <freebsd-questions@freebsd.org>
Cc: 'James Horvath' <jhorvath@frabill.net>
Subject: IOCTL(SIOCIPFL6): Invalid Argument
Message-ID: <20040310163126.BB07243D1F@mx1.FreeBSD.org>
Looking for some assistance, please:

Working with FreeBSD 5.1. On reboot I see the following comment:

...
Enabling ipfilter ioctl(SIOCIPFL6): Invalid Argument
...

Google is mute on the subject except for listing where this item is used as a preprocessor directive.

I have modified /etc/rc.d/ipfilter to remove the "-E" startup flag from 3 locations (which cleared up the ipfilter already initialized comments), but this problem was happening before I made that modification. I only mention it because the two issues (the Invalid Argument and the Ipfilter already initialized comments) may be related.

I have tried turning off ipnat and ipmon in the rc.conf file, but this persists, leading me to believe the problem is in fact with the ipfilter command (or setup).

Following is the rc.conf, ip.rules, and modified kernel file I am using:

==============================
/etc/rc.conf:

defaultrouter="192.168.1.10"
hostname="whatever.something.com"
ifconfig_xl0="inet 192.168.1.1 netmask 255.255.255.0"
kern_securelevel_enable="YES"
kern_securelevel="1"
inetd_enable="NO"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
ipmon_enable="YES"
ipmon_flags="-Dvn /var/log/firewall.log"
sendmail_enable="NONE"
sshd_enable="YES"
usbd_enable="YES"
nfs_server_enable="NO"
nfs_client_enable="NO"
portmap_enable="NO"
syslogd_enable="YES"
syslogd_flags="-ss"
log_in_vain="YES"
accounting_enable="NO"
clear_tmp_enable="YES"
update_motd="NO"
tcp_drop_synfin="YES"
icmp_drop_redirect="YES"
icmp_log_redirect="YES"
tcp_extensions="NO"
tcp_keepalive="YES"
icmp_bmcastecho="NO"
icmp_bandlim="YES"

==============================
/etc/ip.rules:

# Outbound rules
pass out quick on xl0 proto tcp from any to any port = 80 flags S keep frags keep state
pass out quick on xl0 proto tcp from any to any port = 22 flags S keep frags keep state
pass out quick on xl0 proto tcp from any to any port = 5999 flags S keep state
pass out quick on xl0 proto tcp from any to any port = 53 keep state keep frags
block out quick on xl0 proto igmp all
block out quick on xl0 proto icmp from any to any keep state
block out quick on xl0 from !192.168.1.0/24 to any
block out quick on xl0 from any to 2.0.0.0/8
block out quick on xl0 from any to 5.0.0.0/8
block out quick on xl0 from any to 10.0.0.0/8
block out quick on xl0 from any to 23.0.0.0/8
block out quick on xl0 from any to 27.0.0.0/8
block out quick on xl0 from any to 31.0.0.0/8
block out quick on xl0 from any to 69.0.0.0/8
block out quick on xl0 from any to 70.0.0.0/7
block out quick on xl0 from any to 72.0.0.0/5
block out quick on xl0 from any to 82.0.0.0/7
block out quick on xl0 from any to 84.0.0.0/6
block out quick on xl0 from any to 88.0.0.0/5
block out quick on xl0 from any to 96.0.0.0/3
block out quick on xl0 from any to 127.0.0.0/8
block out quick on xl0 from any to 128.0.0.0/16
block out quick on xl0 from any to 128.66.0.0/16
block out quick on xl0 from any to 169.254.0.0/16
block out quick on xl0 from any to 172.16.0.0/12
block out quick on xl0 from any to 191.255.0.0/16
block out quick on xl0 from any to 192.0.0.0/19
block out quick on xl0 from any to 192.0.48.0/20
block out quick on xl0 from any to 192.0.64.0/18
block out quick on xl0 from any to 192.0.128.0/17
block out quick on xl0 from any to 192.168.0.0/16
block out quick on xl0 from any to 197.0.0.0/8
block out quick on xl0 from any to 201.0.0.0/8
block out quick on xl0 from any to 204.152.64.0/23
block out quick on xl0 from any to 206.112.0.0/16
block out quick on xl0 from any to 224.0.0.0/3
block out on xl0 all

# Inbound Packet Rules
pass in quick on xl0 proto tcp from 192.168.1.36 to 192.168.1.227 port = 22 flags S keep frags keep state
block in quick on xl0 proto tcp from any to any port = 10024 keep state
block in quick on xl0 proto icmp from any to any keep state
block in quick on xl0 proto igmp all
block in quick on xl0 all with ipopts
block in quick on xl0 all with frag
block in quick on xl0 all with short
block return-rst in quick on xl0 proto tcp all flags FUP
block return-rst in quick on xl0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in quick on xl0 proto udp from any to any
block in log quick on xl0 all with opt lsrr
block in log quick on xl0 all with opt ssrr
block in quick on xl0 from 0.0.0.0/7 to any
block in quick on xl0 from 2.0.0.0/8 to any
block in quick on xl0 from 5.0.0.0/8 to any
block in quick on xl0 from 10.0.0.0/8 to any
block in quick on xl0 from 23.0.0.0/8 to any
block in quick on xl0 from 27.0.0.0/8 to any
block in quick on xl0 from 31.0.0.0/8 to any
block in quick on xl0 from 69.0.0.0/8 to any
block in quick on xl0 from 70.0.0.0/7 to any
block in quick on xl0 from 72.0.0.0/5 to any
block in quick on xl0 from 82.0.0.0/7 to any
block in quick on xl0 from 84.0.0.0/6 to any
block in quick on xl0 from 88.0.0.0/5 to any
block in quick on xl0 from 96.0.0.0/3 to any
block in quick on xl0 from 127.0.0.0/8 to any
block in quick on xl0 from 128.0.0.0/16 to any
block in quick on xl0 from 128.66.0.0/16 to any
block in quick on xl0 from 169.254.0.0/16 to any
block in quick on xl0 from 172.17.0.0/12 to any
block in quick on xl0 from 191.255.0.0/16 to any
block in quick on xl0 from 192.0.0.0/19 to any
block in quick on xl0 from 192.0.48.0/20 to any
block in quick on xl0 from 192.0.64.0/18 to any
block in quick on xl0 from 192.0.128.0/17 to any
block in quick on xl0 from 192.168.0.0/16 to any
block in quick on xl0 from 197.0.0.0/8 to any
block in quick on xl0 from 201.0.0.0/8 to any
block in quick on xl0 from 204.152.64.0/23 to any
block in quick on xl0 from 224.0.0.0/3 to any
block in log quick on xl0 all

# Loopback interface
pass in quick on lo0 all
pass out quick on lo0 all

==============================
Kernel config:

machine i386
cpu I686_CPU
ident GENERIC
options SCHED_4BSD
options INET
options FFS
options SOFTUPDATES
options UFS_ACL
options UFS_DIRHASH
options MD_ROOT
options PROCFS
options PSEUDOFS
options COMPAT_43
options COMPAT_FREEBSD4
options SCSI_DELAY=15000
options KTRACE
options SYSVSHM
options SYSVMSG
options SYSVSEM
options _KPOSIX_PRIORITY_SCHEDULING
options KBD_INSTALL_CDEV
options INVARIANT_SUPPORT
options TCP_DROP_SYNFIN
options SC_DISABLE_DDBKEY
options SC_DISABLE_REBOOT
options CPU_ENABLE_SSE
options CPU_ATHLON_SSE_HACK
options IPSEC
options IPSTEALTH
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
device isa
device eisa
device pci
device ata
device atadisk
options ATA_STATIC_ID
device atkbdc
device atkbd
device vga
device sc
device agp
device npx
device miibus
device xl
device random
device loop
device ether
device tun
device pty
device md
device gif
device bpf
device uhci
device ohci
device usb
device umass
device scbus
device da
device pass

Thank you.

_______________________________________________________________________
This message was scanned and certified Virus Free by Alexssa | HNet.
www.alexssa.net www.hnet.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040310163126.BB07243D1F>