Message-Id: <201311281600.rASG0ZnB012103@woozle.rinet.ru>
Date: Thu, 28 Nov 2013 20:00:35 +0400 (MSK)
From: Dmitry Morozovsky <marck@freebsd.org>
Reply-To: Dmitry Morozovsky <marck@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: ipfw failed to restart if tables are used
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         184355
>Category:       conf
>Synopsis:       [rc.firewall] [patch] ipfw failed to restart if tables are used
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-rc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 28 16:10:03 UTC 2013
>Closed-Date:    
>Last-Modified:  Sun Dec 08 23:57:59 UTC 2013
>Originator:     Dmitry Morozovsky
>Release:        any
>Organization:
Cronyx Plus LLC (RiNet ISP)
>Environment:
System: FreeBSD of any version.


>Description:

If ipfw tables are configured in the firewall rc script, the ipfw service cannot
be restarted: it fails on a duplicate table entry, usually leaving the system in
question cut off from the network.

>How-To-Repeat:

- configure at least one table entry in the firewall script
- issue:
    service ipfw restart


>Fix:


Index: etc/rc.firewall
===================================================================
--- etc/rc.firewall	(revision 258710)
+++ etc/rc.firewall	(working copy)
@@ -137,6 +137,7 @@
 # Flush out the list before we begin.
 #
 ${fwcmd} -f flush
+${fwcmd} -f table all flush
 
 setup_loopback
 setup_ipv6_mandatory
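
Review bot: the added "${fwcmd} -f table all flush" right after "${fwcmd} -f flush" runs unconditionally and empties every table, not only the ones this script populates, so any entries added to tables at runtime from outside rc.firewall are dropped on each "service ipfw restart". Consider flushing only the tables the script itself fills, or state in the comment that all tables are cleared. The comment above the two commands still reads "Flush out the list before we begin" and should mention tables as well.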
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-rc 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Dec 2 06:11:48 UTC 2013 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=184355 
>Unformatted:
