From nobody@FreeBSD.ORG Wed Mar 17 03:17:27 1999
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 6364714F50; Wed, 17 Mar 1999 03:17:13 -0800 (PST)
Message-Id: <19990317111713.6364714F50@hub.freebsd.org>
Date: Wed, 17 Mar 1999 03:17:13 -0800 (PST)
From: andr@khstu.ru
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@freebsd.org
Subject: ipfw problems
X-Send-Pr-Version: www-1.0

>Number:         10636
>Category:       kern
>Synopsis:       ipfw problems
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 17 03:20:01 PST 1999
>Closed-Date:    Sat Feb 17 13:07:29 PST 2001
>Last-Modified:  Sat Feb 17 13:08:14 PST 2001
>Originator:     Andrey N. Tuev
>Release:        FreeBSD 4.0 CURRENT
>Organization:
KhSTU
>Environment:
FreeBSD xxx.xxx.xx 4.0-CURRENT FreeBSD 4.0-CURRENT #1: Wed Mar 17 16:02:11
VS 1999     root@router.khstu.ru:/usr/src/sys/compile/wowka  i386              
>Description:
periodically, from time to time in firewall rules appear and disappear rule number 00000


simple output ipfw -a list:

01025               0         0 unreach host-unknown tcp from 195.208.229.183 to any
01026               0         0 unreach host-unknown tcp from 195.208.229.184 to any
00000               0         0 deny ip from any to any ipopt ssrr,lsrr,rr      
00000   3302829851706         0 deny ip from any to any ipopt ssrr,lsrr,rr      
00000   3302829851707         0 deny ip from any to any ipopt ssrr,lsrr,rr      
00000   3302829851708         0 deny ip from any to any ipopt 
ssrr,lsrr,rr      
-------------------------------------------------------

00000 1843712195 4294967295 deny ip from any to any 
00000 1860489411 4294967295 deny ip from any to any 
00000 1877266627 4294967295 deny ip from any to any 

----------------------------------------------------
10107      0               0 count ip from any to 195.208.230.244 via ed0
10108      0               0 count ip from any to 195.208.230.245 via ed0
00000      0               0 fwd 37.4.0.0 ip from any to any             
00000      0               0 fwd 38.4.0.0 ip from any to any             
00000      0               0 fwd 38.4.0.0 ip from any to any             
00000      0               0 fwd 39.4.0.0 ip from any to any             
00000      0       921656756 fwd 39.4.0.0 ip from any to any             
00000      0               0 fwd 40.4.0.0 ip from any to any
-----------------------------------------

simple output ipfw list:

00000 deny ip from 0.0.0.0:40.40.0.0 to 255.255.255.255:3.15.3.0 ipopt lsrr,rr,!rr 
00000 deny ip from 0.0.0.0:41.40.0.0 to 255.255.255.255:3.15.3.0 ipopt lsrr,rr,!rr 
00000 deny ip from 0.0.0.0:42.40.0.0 to 255.255.255.255:3.15.3.0 ipopt lsrr,rr,!rr 
00000 deny ip from 0.0.0.0:43.40.0.0 to 255.255.255.255:3.15.3.0 ipopt  lsrr,rr,!rr 
00000 deny ip from 0.0.0.0:44.40.0.0 to 255.255.255.255:3.15.3.0 ipopt lsrr,rr,!rr 
00000 deny ip from 0.0.0.0:45.40.0.0 to 255.255.255.255:3.15.3.0 ipopt lsrr,rr,!rr 
00000 deny ip from 0.0.0.0:46.40.0.0 to 255.255.255.255:3.15.3.0 ipopt lsrr,rr,!rr 
00000 deny ip from 0.0.0.0:47.40.0.0 to 255.255.255.255:3.15.3.0 ipopt lsrr,rr,!rr 
00000 deny ip from 0.0.0.0:48.40.0.0 to 255.255.255.255:3.15.3.0 ipopt lsrr,rr,!rr 
00000 deny ip from 0.0.0.0:49.40.0.0 to 255.255.255.255:3.15.3.0 ipopt lsrr,rr,!rr 

>How-To-Repeat:
periodically ~ 10 - 50 minutes 
>Fix:
unknown

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: luigi 
State-Changed-When: Sat Feb 17 13:07:29 PST 2001 
State-Changed-Why:  
this problem typically occurs when userland ipfw and the kernel 
are out of sync. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=10636 
>Unformatted:
