Date: Mon, 21 Jul 2003 16:53:02 +0200 (CEST)
From: Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: sparc64/54712: ``ipfw: getsockopt(IP_FW_ADD): Bad address'' on sparc64
Message-ID: <200307211453.h6LEr2n4004073@stud187236.mobiel.utwente.nl>
Resent-Message-ID: <200307211500.h6LF0WPl034140@freefall.freebsd.org>

>Number:         54712
>Category:       sparc64
>Synopsis:       ``ipfw: getsockopt(IP_FW_ADD): Bad address'' on sparc64
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-sparc64
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 21 08:00:31 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Roderick van Domburg
>Release:        FreeBSD 5.1-CURRENT sparc64
>Organization:
University of Twente
>Environment:
System: FreeBSD stud187236.mobiel.utwente.nl 5.1-CURRENT FreeBSD 5.1-CURRENT #1: Mon Jul 21 16:15:59 CEST 2003 roderick@stud187236.mobiel.utwente.nl:/usr/obj/usr/src/sys/E250 sparc64

>Description:
After having updated to July 21 sources, ipfw complains when adding
firewall rules: ``ipfw: getsockopt(IP_FW_ADD): Bad address''.

ipfw is loaded as a module in rc.firewall. Relevant rc.firewall, rc.conf
and KERNCONF bits follow.

>How-To-Repeat:
== Relevant rc.firewall bits ==

[Cc][Ll][Ii][Ee][Nn][Tt])
        ############
        # This is a prototype setup that will protect your system somewhat
        # against people from outside your own network.
        ############

        # set these to your network and netmask and ip
        net="130.89.191.255"
        mask="255.255.224.0"
        ip="130.89.187.236"

        setup_loopback

        # Allow any traffic to or from my own net.
        ${fwcmd} add pass all from ${ip} to ${net}:${mask}
        ${fwcmd} add pass all from ${net}:${mask} to ${ip}

        # Allow TCP through if setup succeeded
        ${fwcmd} add pass tcp from any to any established

        # Allow IP fragments to pass through
        ${fwcmd} add pass all from any to any frag

        # Allow setup of incoming secure shells
        ${fwcmd} add pass tcp from any to ${ip} 22 setup

        # Allow setup of incoming email
        #${fwcmd} add pass tcp from any to ${ip} 25 setup

        # Allow setup of incoming HTTP connections
        ${fwcmd} add pass tcp from any to ${ip} 80 setup

        # Allow setup of outgoing TCP connections only
        ${fwcmd} add pass tcp from ${ip} to any setup

        # Disallow setup of all other TCP connections
        ${fwcmd} add deny tcp from any to any setup

        # Allow DNS queries out in the world
        ${fwcmd} add pass udp from ${ip} to any 53 keep-state

        # Allow NTP queries out in the world
        ${fwcmd} add pass udp from ${ip} to any 123 keep-state

        # Everything else is denied by default, unless the
        # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
        # config file.
        ;;

== Relevant rc.conf bits ==

hostname="stud187236.mobiel.utwente.nl"
ifconfig_hme0="inet 130.89.187.236 netmask 255.255.224.0"
defaultrouter="130.89.160.1"
firewall_enable="YES"
firewall_type="client"

== E250 KERNCONF ==

machine         sparc64
cpu             SUN4U
ident           E250

options         OFW_NEWPCI

options         SCHED_4BSD              #4BSD scheduler
options         INET                    #InterNETworking
options         FFS                     #Berkeley Fast Filesystem
options         SOFTUPDATES             #Enable FFS soft updates support
options         UFS_DIRHASH             #Improve performance on big directories
options         COMPAT_43               #Compatible with BSD 4.3 [KEEP THIS!]
options         SCSI_DELAY=5000         #Delay (in ms) before probing SCSI
options         SYSVSHM                 #SYSV-style shared memory
options         SYSVMSG                 #SYSV-style message queues
options         SYSVSEM                 #SYSV-style semaphores
#options        _KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions

# Standard busses
device          ebus
device          pci

# SCSI Controllers
device          sym             # NCR/Symbios Logic (newer chipsets + those of `ncr')

# SCSI peripherals
device          scbus           # SCSI bus (required)
device          da              # Direct Access (disks)
device          cd              # CD

device          ofw_console     # OpenBoot firmware console device

# Builtin hardware
device          genclock        # Generic clock interface
device          eeprom          # eeprom (really an ebus driver for the MK48Txx)
device          "mk48txx"       # Mostek MK48T02, MK48T08, MK48T59 clock

# PCI Ethernet NICs that use the common MII bus controller code.
device          miibus          # MII bus support
device          hme             # Sun HME (Happy Meal Ethernet)

# Pseudo devices - the number indicates how many units to allocate.
device          random          # Entropy device
device          loop            # Network loopback
device          ether           # Ethernet support
device          pty             # Pseudo-ttys (telnet etc)

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device          bpf             #Berkeley packet filter

# RANDOM_IP_ID causes the ID field in IP packets to be randomized
# instead of incremented by 1 with each packet generated. This
# option closes a minor information leak which allows remote
# observers to determine the rate of packet generation on the
# machine by watching the counter.
options         RANDOM_IP_ID

# Statically Link in accept filters
options         ACCEPT_FILTER_HTTP

>Fix:
Unknown.
>Release-Note:
>Audit-Trail:
>Unformatted: