From owner-freebsd-security@FreeBSD.ORG Wed Oct 26 12:57:03 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4C63816A41F for ; Wed, 26 Oct 2005 12:57:03 +0000 (GMT) (envelope-from jjfitzgerald@gmail.com) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.203]) by mx1.FreeBSD.org (Postfix) with ESMTP id 85E4143D5A for ; Wed, 26 Oct 2005 12:56:52 +0000 (GMT) (envelope-from jjfitzgerald@gmail.com) Received: by wproxy.gmail.com with SMTP id 71so56013wra for ; Wed, 26 Oct 2005 05:56:52 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=uinc85+PGPlbfHnGCfRA9Kk+7oXQBEVKr077Mu9VB0Zf74lImkprC7kv9v5urska7YXWz3jbPO+i0sNEnJ+TzF7YMkwRwmahNE0iuax7QtBCff6pvgItgYqaCIdEugwo26XMJDfHyCJAoRl8bgIw9Bh34be6+/XpvBi3H3LoxNQ= Received: by 10.54.120.6 with SMTP id s6mr400166wrc; Wed, 26 Oct 2005 05:56:52 -0700 (PDT) Received: by 10.54.101.14 with HTTP; Wed, 26 Oct 2005 05:56:52 -0700 (PDT) Message-ID: <5e49673f0510260556m1471c5bbme68d9b86681cf1ae@mail.gmail.com> Date: Wed, 26 Oct 2005 08:56:52 -0400 From: John Fitzgerald To: claco@chrislaco.com In-Reply-To: <435F7A98.9010800@chrislaco.com> MIME-Version: 1.0 References: <5e49673f0510251032w38312bb7kb082b15d97d00082@mail.gmail.com> <20051026071948.GI52933@fw.wtp3.org> <5e49673f0510260525m796f8b06g2a9176e4858c1708@mail.gmail.com> <435F7A98.9010800@chrislaco.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-security@freebsd.org, Krzysztof Stryjek Subject: Re: ipf stopped working on 5.3 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Oct 2005 12:57:03 -0000 It doesn't work on boot or after ipf -D; ipf -E -f /etc/ipf.rules. My rc.conf specifies the rules file so it's the same thing and I don't have an= y other scripts that could be interfering with it (that I know of). The only thing they installed that might have affected it (?) is "cronolog"= . I've never used it before and it just appears to be a log parser. Other tha= n that, it's just a web box so I have openssl, mod_ssl, mod_perl, mason, php, mysql, and apache installed with nothing else to speak of. I don't like a lot of miscellany on my servers so it's hard to say that it might be a conflict with something that was put on there. -JJ On 10/26/05, Christopher H. Laco wrote: > > John Fitzgerald wrote: > > Yeah, options INET6 is already in there (by default). It's curious that > it > > would stop working on one of my servers, yet remain functional on the > other. > > > > -JJ > > > > I missed most of this thread, so I'm sure this has been covered. > > Does it just not work after boot, but works after issuing ipf -Fav -f > /etc/ipf.rules? > > I spent a couple of days trying to figure out why my ipf rules were > loading on boot...and the it turned out to be the fact that I put bash > in my roots .cshrc file...it was short cirtuiting the startup scripts > for ipf... > > -=3DChris > > >