From owner-freebsd-stable Sun Jan 27 23:50:34 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mail.dynamic-cast.com (ip4.gte4.rb1.bel.nwlink.com [209.20.215.4]) by hub.freebsd.org (Postfix) with ESMTP id 958AF37B404 for ; Sun, 27 Jan 2002 23:50:29 -0800 (PST) Received: from neo (neo.private.dynamic-cast.com [192.168.1.3]) by mail.dynamic-cast.com (Postfix) with SMTP id 1C6F9D905 for ; Sun, 27 Jan 2002 23:50:29 -0800 (PST) Message-ID: <000d01c1a7d0$7396e6b0$0301a8c0@neo> From: "Hervey Wilson" To: References: <001201c1a7c7$f7b74c40$0301a8c0@neo> Subject: Re: ipfilter_enable problem on 4.5 Date: Sun, 27 Jan 2002 23:50:27 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Updated diagnostics inline, appears to be a problem between /etc/defaults/rc.conf and /etc/rc.network. Maybe I have a bad cvsup or merge - can anyone confirm the file contents below ? H ----- Original Message ----- From: "Hervey Wilson" To: Sent: Sunday, January 27, 2002 10:49 PM Subject: ipfilter_enable problem on 4.5 > I just upgraded my server to 4.5 RC from 4-STABLE last cvsup'd late last > year and it appears that my IP filter configuration is no longer being > automatically loaded. I know this since it's set to default block and once > the server boots, I've lost all contact with both the connected networks and > the loopback interfaces. Reloading ipfilter using the commands from rc.conf > results in a working system. rc.conf has simply: > > ipfilter_enable="YES" /etc/defaults/rc.conf has: ipfilter_program="/sbin/ipf -Fa -f" ipfilter_rules="/etc/ipf.rules" ipfilter_flags="-E" In rc.network, at the point where IPF is to be loaded, I find: ... echo -n ' ipfilter' ${ipfilter_program:-/sbin/ipf} -Fa -f "${ipfilter_rules}" ${ipfilter_flags} ... which therefore results in the following command at boot: /sbin/ipf -Fa -f -Fa -f /etc/ipf.rules -E leading to ipf trying to open a file called "-Fa" as a result of the duplicate switches. > > With rules in /etc/ipf.rules. IP filter is also compiled into my kernel; I > see the initialization message during boot but cannot find any other > messages regarding the load of the rules - has anyone else run into this or > can suggest where I look for additional error messages beyond > /var/log/messages ? Finally found the file open error in dmesg, d'oh ;) H To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message