Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 17 Mar 2014 16:30:06 GMT
From:      wishmaster <artemrts@ukr.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/187665: unable to disable IPFW with VIMAGE
Message-ID:  <201403171630.s2HGU64r000780@cgiserv.freebsd.org>
Resent-Message-ID: <201403171640.s2HGe1ST016992@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         187665
>Category:       misc
>Synopsis:       unable to disable IPFW with VIMAGE
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 17 16:40:01 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     wishmaster
>Release:        10.0-STABLE
>Organization:
IT Service
>Environment:
FreeBSD sms 10.0-STABLE FreeBSD 10.0-STABLE #4 r263247: Mon Mar 17 17:11:20 EET 2014     wishmaster@sms:/usr/obj/usr/src/sys/SMS  i386

>Description:
System with 10.0-STABLE. I use Jail with VIMAGE support and I am unable to disable IPFW in Jail via sysctl net.inet.ip.fw.enable=0 because this sysctl is absent in jail host (and in base host too).

# sysctl net.inet.ip.fw
net.inet.ip.fw.one_pass: 0
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.verbose: 0
net.inet.ip.fw.verbose_limit: 0
net.inet.ip.fw.default_rule: 65535
net.inet.ip.fw.tables_max: 128
net.inet.ip.fw.default_to_accept: 1
net.inet.ip.fw.static_count: 134
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 19
net.inet.ip.fw.dyn_max: 16384
net.inet.ip.fw.dyn_ack_lifetime: 3600
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_udp_lifetime: 20
net.inet.ip.fw.dyn_short_lifetime: 10
net.inet.ip.fw.dyn_keepalive: 1

This problem occures both when IPFW as module and compilled in kernel.

Another host

FreeBSD db 10.0-PRERELEASE FreeBSD 10.0-PRERELEASE #0 r260982: W                                              ed Jan 22 00:54:30 EET 2014     wishmaster@db:/usr/obj/usr/src/s                                              ys/MY_10  i386

without this problem.

>How-To-Repeat:
Install BreeBSD 10 STABLE at least revision 263247.

>Fix:
Don't know...

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201403171630.s2HGU64r000780>