From rizzo@carp.icir.org  Sun Oct 20 12:26:06 2002
Return-Path: <rizzo@carp.icir.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A3A5837B401
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 20 Oct 2002 12:26:06 -0700 (PDT)
Received: from carp.icir.org (carp.icir.org [192.150.187.71])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3046943E6E
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 20 Oct 2002 12:26:06 -0700 (PDT)
	(envelope-from rizzo@carp.icir.org)
Received: from carp.icir.org (localhost [127.0.0.1])
	by carp.icir.org (8.12.3/8.12.3) with ESMTP id g9KJQ0pJ007533;
	Sun, 20 Oct 2002 12:26:00 -0700 (PDT)
	(envelope-from rizzo@carp.icir.org)
Received: (from rizzo@localhost)
	by carp.icir.org (8.12.3/8.12.3/Submit) id g9KJQ0uH007532;
	Sun, 20 Oct 2002 12:26:00 -0700 (PDT)
	(envelope-from rizzo)
Message-Id: <20021020122600.A7500@carp.icir.org>
Date: Sun, 20 Oct 2002 12:26:00 -0700
From: Luigi Rizzo <luigi@freebsd.org>
To: Chris Pepper <pepper@rockefeller.edu>
Cc: FreeBSD-gnats-submit@freebsd.org
In-Reply-To: <20021020191841.4DF27AA8B@www.reppep.com>; from pepper@rockefeller.edu on Sun, Oct 20, 2002 at 03:18:41PM -0400
Subject: Re: IPFW2 broken in recent 4.7-STABLE??
References: <20021020191841.4DF27AA8B@www.reppep.com>

>Number:         44313
>Category:       kern
>Synopsis:       Re: IPFW2 broken in recent 4.7-STABLE??
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 20 12:30:03 PDT 2002
>Closed-Date:    Sun Oct 20 13:46:22 PDT 2002
>Last-Modified:  Thu Oct 07 18:11:20 GMT 2004
>Originator:     
>Release:        
>Organization:
>Environment:
>Description:
 You have a mismatch between kernel and userland. Probably an
 ipfw2 in userland and still ipfw1 in the kernel.
 
 	cheers
 	luigi
 
 On Sun, Oct 20, 2002 at 03:18:41PM -0400, Chris Pepper wrote:
 > 	
 > >Submitter-Id:	current-users
 > >Originator:	Chris Pepper
 > >Organization:	
 > >Confidential:	no 
 > >Synopsis:	IPFW2 broken in recent 4.7-STABLE??
 > >Severity:	serious
 > >Priority:	medium
 > >Category:	kern
 > >Class:		sw-bug
 > >Release:	FreeBSD 4.7-STABLE i386
 > >Environment:
 > System: FreeBSD www.reppep.com 4.7-STABLE FreeBSD 4.7-STABLE #4: Sun Oct 20 01:54:39 EDT 2002 root@www.reppep.com:/usr/obj/usr/src/sys/GENERIC i386
 > 
 > 
 > 	
 > >Description:
 > 	Last night I enabled IPFW in /etc/rc.conf with the "open" ruleset. Traffic was flowing, and "ipfw -atNde l" showed the expected 5 rules. Here are my entries from rc.conf:
 > 
 > firewall_enable="YES"		# Set to YES to enable firewall functionality
 > firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
 > firewall_type="open"		# Firewall type (see /etc/rc.firewall)
 > firewall_quiet="NO"		# Set to YES to suppress rule display
 > firewall_logging="YES"		# Set to YES to enable events logging
 > firewall_flags=""		# Flags passed to ipfw when type is a file
 > 
 > 	Half an hour ago, I added IPFW2=TRUE to /etc/make.conf and rebuilt my kernel from a cvsup this morning, and IPFW stopped passing traffic (no access in or out of the box, Samba and other daemons started reporting permission denied errors). "ipfw -atNde  l" returned the following (repeating over 100mb without line breaks, before I gave up and stopped it):
 > 
 > [www:~] root# more ipfw-atNde-l.txt 
 > 00141 38749194944512          0                           ip from any to any [op
 > code 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0
 > ] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 
 > len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opco
 > de 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] 
 > [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 le
 > n 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode
 > 
 > 	firewall_enable="NO" in /etc/rc.conf restored connectivity, but I would like to get IPFW2 working so I can use OR rules.
 > 	
 > >How-To-Repeat:
 > 	Rebuild current 4.7-STABLE with IPFW2=TRUE in /etc/make.conf; enable IPFW with "open" type firewall in /etc/rc.conf. Attempt to pass traffic or open listeners.
 > 	
 > >Fix:
 > 
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: tom 
State-Changed-When: Sun Oct 20 13:45:54 PDT 2002 
State-Changed-Why:  
Stray follow-up to kern/44311 

http://www.freebsd.org/cgi/query-pr.cgi?pr=44313 
>Unformatted:
