From nobody@FreeBSD.ORG  Thu Dec 16 02:37:11 1999
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 0081514D0A; Thu, 16 Dec 1999 02:37:10 -0800 (PST)
Message-Id: <19991216103710.0081514D0A@hub.freebsd.org>
Date: Thu, 16 Dec 1999 02:37:10 -0800 (PST)
From: johan@link-data.com
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@freebsd.org
Subject: kernel or ipfw drops rules sometimes
X-Send-Pr-Version: www-1.0

>Number:         15513
>Category:       kern
>Synopsis:       kernel or ipfw drops rules sometimes
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 16 02:40:02 PST 1999
>Closed-Date:    Wed Jan 19 01:47:52 PST 2000
>Last-Modified:  Wed Jan 19 01:51:07 PST 2000
>Originator:     Johan Lindh
>Release:        3.3-RELEASE
>Organization:
Link Data Stockholm
>Environment:
FreeBSD firewall.pcexpress.se 3.3-RELEASE FreeBSD 3.3-RELEASE #1: Wed Dec 15 12:56:28 CET 1999     joli@firewall.pcexpress.se:/usr/src/sys/compile/FIREWALL  i386
>Description:
When generating the firewall ruleset using a script (say, fireup.sh), and calling another script from that one, (say, fire-www.sh), the rules that the second script creates gets dropped somehow.

They're initially in the firewall, but after the "periodic daily" scripts get run they are not.

>How-To-Repeat:
Create a fireup.sh firewall script that calls another firewall script using "./fireup-2.sh" (or whatever you called the second). Call fireup.sh from "/etc/rc.conf.local".

Let the system run across 01:59:00.

>Fix:
It probably fixes the problem if you put all the rules in one file, or
if you use an absolute path to the second firewall script.
You could probably also fix it by killing the periodic/daily scripts.

The correct way is of course to fix the periodic/daily scripts. Why are they messing with the firewall at all?


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: ru 
State-Changed-When: Wed Jan 19 01:47:52 PST 2000 
State-Changed-Why:  
Cannot reproduce, believed to be the pilot error. 
Originator is advised to provide some additional 
details and discuss the problem on freebsd-bugs. 
>Unformatted:
