From tez@habanero.fnal.gov  Wed Mar 14 11:46:54 2001
Return-Path: <tez@habanero.fnal.gov>
Received: from habanero.fnal.gov (habanero.fnal.gov [131.225.121.127])
	by hub.freebsd.org (Postfix) with ESMTP id 9735E37B718
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 14 Mar 2001 11:46:53 -0800 (PST)
	(envelope-from tez@habanero.fnal.gov)
Received: (from tez@localhost)
	by habanero.fnal.gov (8.11.3/8.11.3) id f2EJlAR08005;
	Wed, 14 Mar 2001 13:47:10 -0600 (CST)
	(envelope-from tez)
Message-Id: <200103141947.f2EJlAR08005@habanero.fnal.gov>
Date: Wed, 14 Mar 2001 13:47:10 -0600 (CST)
From: zingelman@fnal.gov
Reply-To: zingelman@fnal.gov
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: /etc/default/rc.conf bad default ipfilter_flags
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         25809
>Category:       conf
>Synopsis:       /etc/default/rc.conf bad default ipfilter_flags
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 14 11:50:01 PST 2001
>Closed-Date:    Thu Jan 10 17:36:40 PST 2002
>Last-Modified:  Thu Jan 10 17:37:58 PST 2002
>Originator:     Tim Zingelman
>Release:        FreeBSD 4.3-BETA i386
>Organization:
Fermilab
>Environment:
System: FreeBSD habanero.fnal.gov 4.3-BETA FreeBSD 4.3-BETA #1: Tue Mar 13 20:20:50 CST 2001 toor@habanero.fnal.gov:/usr/obj/usr/src/sys/GENERIC i386

>Description:
ipfilter kernel module no longer requires -E argument to /sbin/ipf command
at system startup time.  Using it results in "SIOCFRENB: Invalid argument"
message on system console.  ipfilter still works as expected.

>How-To-Repeat:
Add to /boot/loader.conf: ipl_load="YES"
Add to /etc/rc.conf: ipfilter_enable="YES"
Create valid /etc/ipf.rules
Reboot & look at console output or log

>Fix:

--- /etc/defaults/rc.conf	Tue Mar 13 20:29:35 2001
+++ /etc/defaults/rc.conf.new	Wed Mar 14 13:33:12 2001
@@ -62,9 +62,7 @@
 				# see /etc/rc.network (pass1) for details
 ipfilter_rules="/etc/ipf.rules"	# rules definition file for ipfilter, see
 				# /usr/src/contrib/ipfilter/rules for examples
-ipfilter_flags="-E"		# should be *empty* when ipf is _not_ a module
-				# (i.e. compiled into the kernel) to
-				# avoid a warning about "already initialized"
+ipfilter_flags=""		# Flags to ipfilter (if enabled).
 ipnat_enable="NO"		# Set to YES for ipnat; needs ipfilter, too!
 ipnat_program="/sbin/ipnat -CF -f" # program and how to specify rules file
 ipnat_rules="/etc/ipnat.rules"	# rules definition file for ipnat

##end-pr##
>Release-Note:
>Audit-Trail:

From: Tim Zingelman <zingelman@fnal.gov>
To: <freebsd-gnats-submit@FreeBSD.org>
Cc:  
Subject: Re: conf/25809: /etc/default/rc.conf bad default ipfilter_flags
Date: Wed, 14 Mar 2001 14:48:26 -0600 (CST)

 I can confirm also that the -E flag does NOT cause the module to be
 automatically loaded.
 
   - Tim
 
State-Changed-From-To: open->feedback 
State-Changed-By: keramida 
State-Changed-When: Wed Jan 9 10:00:14 PST 2002 
State-Changed-Why:  
In revision 1.112 of src/etc/rc.network the ipfilter code was largely 
replaced by a version written by Arjan de Vet.  Does this problem 
still persist? 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=25809 
State-Changed-From-To: feedback->closed 
State-Changed-By: keramida 
State-Changed-When: Thu Jan 10 17:36:40 PST 2002 
State-Changed-Why:  
Hurray!  Tim says that the problem is gone with the latest ipfilter 
fixes, so this can be closed.  Thank you, Tim, for your speedy feedback. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=25809 
>Unformatted:
