Date:      Mon, 28 Jan 2002 00:34:02 -0800
From:      "Crist J. Clark" <cjc@FreeBSD.ORG>
To:        Hervey Wilson <herveyw@dynamic-cast.com>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: ipfilter_enable problem on 4.5
Message-ID:  <20020128003402.D27080@blossom.cjclark.org>
In-Reply-To: <000d01c1a7d0$7396e6b0$0301a8c0@neo>; from herveyw@dynamic-cast.com on Sun, Jan 27, 2002 at 11:50:27PM -0800
References:  <001201c1a7c7$f7b74c40$0301a8c0@neo> <000d01c1a7d0$7396e6b0$0301a8c0@neo>

On Sun, Jan 27, 2002 at 11:50:27PM -0800, Hervey Wilson wrote:
> Updated diagnostics inline, appears to be a problem between
> /etc/defaults/rc.conf and /etc/rc.network. Maybe I have a bad cvsup or
> merge - can anyone confirm the file contents below ?

It looks like you did not update your /etc/defaults/rc.conf,

  $ fgrep ipfilter etc/defaults/rc.conf
  ipfilter_enable="NO"            # Set to YES to enable ipfilter functionality
  ipfilter_program="/sbin/ipf"    # where the ipfilter program lives
  ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
                                  # /usr/src/contrib/ipfilter/rules for examples
  ipfilter_flags=""               # additional flags for ipfilter

> ----- Original Message -----
> From: "Hervey Wilson" <herveyw@dynamic-cast.com>
> To: <freebsd-stable@freebsd.org>
> Sent: Sunday, January 27, 2002 10:49 PM
> Subject: ipfilter_enable problem on 4.5
> 
> 
> > I just upgraded my server to 4.5 RC from 4-STABLE last cvsup'd late last
> > year and it appears that my IP filter configuration is no longer being
> > automatically loaded. I know this since it's set to default block and once
> > the server boots, I've lost all contact with both the connected networks and
> > the loopback interfaces. Reloading ipfilter using the commands from rc.conf
> > results in a working system. rc.conf has simply:
> >
> > ipfilter_enable="YES"
> 
> /etc/defaults/rc.conf has:
> 
> ipfilter_program="/sbin/ipf -Fa -f"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_flags="-E"
> 
> In rc.network, at the point where IPF is to be loaded, I find:
> 
> ...
> echo -n ' ipfilter'
> ${ipfilter_program:-/sbin/ipf} -Fa -f "${ipfilter_rules}" ${ipfilter_flags}
> ...
> 
> which therefore results in the following command at boot:
> 
> /sbin/ipf -Fa -f -Fa -f /etc/ipf.rules -E
> 
> leading to ipf trying to open a file called "-Fa" as a result of the
> duplicate switches.
> 
> >
> > With rules in /etc/ipf.rules. IP filter is also compiled into my kernel; I
> > see the initialization message during boot but cannot find any other
> > messages regarding the load of the rules - has anyone else run into this or
> > can suggest where I look for additional error messages beyond
> > /var/log/messages ?
> 
> Finally found the file open error in dmesg, d'oh ;)
> 
> H
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
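
The flag duplication diagnosed in this thread, reproduced as an added example (not part of the original messages or of FreeBSD's rc scripts): it composes the command line the way the quoted rc.network fragment does, and checks an rc.conf-style file for an `ipfilter_program` value that still carries its own options. The function names and the sample files are constructed for illustration; `rules_files_seen` is a simplified model of option parsing, not ipf's own code.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, values come from the thread.

# Compose the boot-time command as the quoted rc.network fragment does:
#   ${ipfilter_program:-/sbin/ipf} -Fa -f "${ipfilter_rules}" ${ipfilter_flags}
compose_ipf_cmd() {
    ipfilter_program=$1; ipfilter_rules=$2; ipfilter_flags=$3
    # Unquoted expansions are word-split, exactly as in the rc script.
    set -- ${ipfilter_program:-/sbin/ipf} -Fa -f "${ipfilter_rules}" ${ipfilter_flags}
    echo "$*"
}

# Simplified model of option parsing: print the word each -f takes as its file.
rules_files_seen() {
    set -- $1
    while [ $# -gt 0 ]; do
        if [ "$1" = "-f" ] && [ $# -gt 1 ]; then
            echo "$2"
            shift
        fi
        shift
    done
}

# Succeed (exit 0) when ipfilter_program in an rc.conf-style file carries
# embedded options that the newer rc.network would add a second time.
program_has_embedded_flags() {
    val=$(sed -n 's/^ipfilter_program="\([^"]*\)".*/\1/p' "$1" | tail -n 1)
    case "$val" in
        *" -"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed sample files holding the two ipfilter_program values from the thread.
tmp=$(mktemp -d)
echo 'ipfilter_program="/sbin/ipf -Fa -f"' > "$tmp/stale"
echo 'ipfilter_program="/sbin/ipf"    # where the ipfilter program lives' > "$tmp/updated"
for f in stale updated; do
    if program_has_embedded_flags "$tmp/$f"; then
        echo "$f: ipfilter_program has embedded flags; rc.network will repeat them"
    else
        echo "$f: ok"
    fi
done
cmd=$(compose_ipf_cmd "/sbin/ipf -Fa -f" /etc/ipf.rules -E)
echo "stale defaults run: $cmd"
echo "words taken as rules files:" $(rules_files_seen "$cmd")
rm -rf "$tmp"
```

Because a failed rules load at boot leaves the filter in whatever default state the kernel was built with, a check like this belongs after any merge of /etc/defaults/rc.conf and before the reboot.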
