Date:      Sun, 27 Jan 2002 23:50:27 -0800
From:      "Hervey Wilson" <herveyw@dynamic-cast.com>
To:        <freebsd-stable@freebsd.org>
Subject:   Re: ipfilter_enable problem on 4.5
Message-ID:  <000d01c1a7d0$7396e6b0$0301a8c0@neo>
References:  <001201c1a7c7$f7b74c40$0301a8c0@neo>

Updated diagnostics inline, appears to be a problem between
/etc/defaults/rc.conf and /etc/rc.network. Maybe I have a bad cvsup or
merge - can anyone confirm the file contents below?

H

----- Original Message -----
From: "Hervey Wilson" <herveyw@dynamic-cast.com>
To: <freebsd-stable@freebsd.org>
Sent: Sunday, January 27, 2002 10:49 PM
Subject: ipfilter_enable problem on 4.5


> I just upgraded my server to 4.5 RC from 4-STABLE last cvsup'd late last
> year and it appears that my IP filter configuration is no longer being
> automatically loaded. I know this since it's set to default block and once
> the server boots, I've lost all contact with both the connected networks and
> the loopback interfaces. Reloading ipfilter using the commands from rc.conf
> results in a working system. rc.conf has simply:
>
> ipfilter_enable="YES"

/etc/defaults/rc.conf has:

ipfilter_program="/sbin/ipf -Fa -f"
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags="-E"

In rc.network, at the point where IPF is to be loaded, I find:

...
echo -n ' ipfilter'
${ipfilter_program:-/sbin/ipf} -Fa -f "${ipfilter_rules}" ${ipfilter_flags}
...

which therefore results in the following command at boot:

/sbin/ipf -Fa -f -Fa -f /etc/ipf.rules -E

leading to ipf trying to open a file called "-Fa" as a result of the
duplicate switches.

>
> With rules in /etc/ipf.rules. IP filter is also compiled into my kernel; I
> see the initialization message during boot but cannot find any other
> messages regarding the load of the rules - has anyone else run into this or
> can suggest where I look for additional error messages beyond
> /var/log/messages?

Finally found the file open error in dmesg, d'oh ;)

H
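
The expansion described in the message, as an added example that is not part of the original e-mail or of FreeBSD's rc scripts: it echoes the command instead of running ipf and flags any `-f` whose operand looks like another switch. The function names and the second `ipfilter_program` value (the bare binary path) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: reproduces the rc.network expansion from the message without
# running ipf. Function names are hypothetical, chosen for this example.

# Expand the rc.network line exactly as written in the message, but echo the
# resulting command instead of executing it.
expand_rc_network_line() {
    ipfilter_program=$1
    ipfilter_rules=$2
    ipfilter_flags=$3
    # Unquoted expansions are word-split, just as they are at boot.
    echo ${ipfilter_program:-/sbin/ipf} -Fa -f "${ipfilter_rules}" ${ipfilter_flags}
}

# Return 1 if any -f is followed by something that looks like a switch
# (a bare "-" is allowed: ipf reads rules from stdin in that case).
check_f_operands() {
    prev=""
    for word in "$@"; do
        if [ "$prev" = "-f" ]; then
            case "$word" in
                -?*) echo "  -f would open a file named '$word'"; return 1 ;;
            esac
        fi
        prev=$word
    done
    if [ "$prev" = "-f" ]; then
        echo "  -f has no file name"; return 1
    fi
    echo "  ok"
}

# First value: from /etc/defaults/rc.conf as quoted in the message.
# Second value: assumed here for comparison (bare binary path, no switches).
for prog in "/sbin/ipf -Fa -f" "/sbin/ipf"; do
    line=$(expand_rc_network_line "$prog" /etc/ipf.rules -E)
    echo "$line"
    check_f_operands $line || true
done
```

Running this kind of check after merging rc files during an upgrade catches the mismatch before a reboot leaves a default-block filter with no rules loaded.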

