From owner-freebsd-stable Tue Mar 13 18:32:30 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from nova.fnal.gov (nova.fnal.gov [131.225.121.207]) by hub.freebsd.org (Postfix) with ESMTP id 22E8D37B719 for ; Tue, 13 Mar 2001 18:32:27 -0800 (PST) (envelope-from zingelman@fnal.gov)
Received: from localhost (tez@localhost) by nova.fnal.gov (8.9.3+Sun/8.9.3) with ESMTP id UAA28728 for ; Tue, 13 Mar 2001 20:37:49 -0600 (CST)
X-Authentication-Warning: nova.fnal.gov: tez owned process doing -bs
Date: Tue, 13 Mar 2001 20:37:49 -0600 (CST)
From: Tim Zingelman
X-Sender:
To:
Subject: /etc/default/rc.conf bad default ipfilter_flags?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Running 4.3-Beta, cvsupped early on 3/13/01.

These lines are either confusing or wrong. Possibly something has changed
in the default state (now enabled?) of the ipfilter module.

ipfilter_flags="-E"     # should be *empty* when ipf is _not_ a module
                        # (i.e. compiled into the kernel) to
                        # avoid a warning about "already initialized"

I load ipf as a module by adding a line to /boot/loader.conf:

ipl_load="YES"

Running a GENERIC kernel. I have a valid rules file at /etc/ipf.rules

I add the following line to /etc/rc.conf:

ipfilter_enable="YES"

and when I boot I get...

from dmesg:

IP Filter: v3.4.16 initialized. Default = pass all, Logging = enabled

from /var/log/console.log:

Mar 13 19:32:59 port /kernel: Doing initial network setup:
Mar 13 19:32:59 port /kernel: hostname
Mar 13 19:32:59 port /kernel: ipfilter
Mar 13 19:32:59 port /kernel: SIOCFRENB: Invalid argument
Mar 13 19:32:59 port /kernel: .
Mar 13 19:32:59 port /kernel: fxp0: flags=8843