From owner-freebsd-stable Mon Jan 28 0:35:38 2002
Date: Mon, 28 Jan 2002 00:34:02 -0800
From: "Crist J. Clark"
To: Hervey Wilson
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: ipfilter_enable problem on 4.5
Message-ID: <20020128003402.D27080@blossom.cjclark.org>
References: <001201c1a7c7$f7b74c40$0301a8c0@neo> <000d01c1a7d0$7396e6b0$0301a8c0@neo>
In-Reply-To: <000d01c1a7d0$7396e6b0$0301a8c0@neo>; from herveyw@dynamic-cast.com on Sun, Jan 27, 2002 at 11:50:27PM -0800

On Sun, Jan 27, 2002 at 11:50:27PM -0800, Hervey Wilson wrote:
> Updated diagnostics inline, appears to be a problem between
> /etc/defaults/rc.conf and /etc/rc.network. Maybe I have a bad cvsup or
> merge - can anyone confirm the file contents below ?

It looks like you did not update your /etc/defaults/rc.conf,

  $ fgrep ipfilter etc/defaults/rc.conf
  ipfilter_enable="NO"             # Set to YES to enable ipfilter functionality
  ipfilter_program="/sbin/ipf"     # where the ipfilter program lives
  ipfilter_rules="/etc/ipf.rules"  # rules definition file for ipfilter, see
                                   # /usr/src/contrib/ipfilter/rules for examples
  ipfilter_flags=""                # additional flags for ipfilter

> ----- Original Message -----
> From: "Hervey Wilson"
> To:
> Sent: Sunday, January 27, 2002 10:49 PM
> Subject: ipfilter_enable problem on 4.5
>
>
> > I just upgraded my server to 4.5 RC from 4-STABLE last cvsup'd late last
> > year and it appears that my IP filter configuration is no longer being
> > automatically loaded. I know this since it's set to default block and once
> > the server boots, I've lost all contact with both the connected networks and
> > the loopback interfaces. Reloading ipfilter using the commands from rc.conf
> > results in a working system. rc.conf has simply:
> >
> > ipfilter_enable="YES"
>
> /etc/defaults/rc.conf has:
>
> ipfilter_program="/sbin/ipf -Fa -f"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_flags="-E"
>
> In rc.network, at the point where IPF is to be loaded, I find:
>
> ...
> echo -n ' ipfilter'
> ${ipfilter_program:-/sbin/ipf} -Fa -f "${ipfilter_rules}" ${ipfilter_flags}
> ...
>
> which therefore results in the following command at boot:
>
> /sbin/ipf -Fa -f -Fa -f /etc/ipf.rules -E
>
> leading to ipf trying to open a file called "-Fa" as a result of the
> duplicate switches.
>
> >
> > With rules in /etc/ipf.rules. IP filter is also compiled into my kernel; I
> > see the initialization message during boot but cannot find any other
> > messages regarding the load of the rules - has anyone else run into this or
> > can suggest where I look for additional error messages beyond
> > /var/log/messages ?
>
> Finally found the file open error in dmesg, d'oh ;)
>
> H

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
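
Added example, not part of the original messages: a small sh check that rebuilds the ipf command line with the same expansion as the rc.network line quoted above and reports when a stale defaults file leaves -f followed by a switch instead of the rules file. The function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: names and sample files here are constructed for illustration.

# Print the ipf command the quoted rc.network line would run, given a
# defaults file ($1) and an optional override file ($2).
compose_ipf_cmd() {
    (
        ipfilter_program= ipfilter_rules= ipfilter_flags=
        . "$1"
        if [ -n "${2:-}" ]; then . "$2"; fi
        # Same expansion as the rc.network line quoted in the thread.
        set -- ${ipfilter_program:-/sbin/ipf} -Fa -f "${ipfilter_rules}" ${ipfilter_flags}
        printf '%s\n' "$*"
    )
}

# Succeed (problem found) when a -f is followed by another switch, or by
# nothing, instead of a rules file name.
ipf_cmd_is_broken() {
    prev=
    for word in $1; do
        if [ "$prev" = "-f" ]; then
            case $word in -*) return 0 ;; esac
        fi
        prev=$word
    done
    [ "$prev" = "-f" ]
}

# Constructed samples: the stale defaults quoted in the thread, the updated
# defaults from the reply, and the one-line rc.conf.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'ipfilter_program="/sbin/ipf -Fa -f"' \
    'ipfilter_rules="/etc/ipf.rules"' 'ipfilter_flags="-E"' > "$tmp/defaults.stale"
printf '%s\n' 'ipfilter_program="/sbin/ipf"' \
    'ipfilter_rules="/etc/ipf.rules"' 'ipfilter_flags=""' > "$tmp/defaults.new"
printf '%s\n' 'ipfilter_enable="YES"' > "$tmp/rc.conf"

for f in "$tmp/defaults.stale" "$tmp/defaults.new"; do
    cmd=$(compose_ipf_cmd "$f" "$tmp/rc.conf")
    if ipf_cmd_is_broken "$cmd"; then
        echo "BROKEN: $cmd"
    else
        echo "ok:     $cmd"
    fi
done
```

Pointing the two arguments at /etc/defaults/rc.conf and /etc/rc.conf after a source merge runs the same check before the next reboot of a default-block host.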