>Number: 188481 >Category: conf >Synopsis: ipfilter fails to initialize on simple install with default >kernel and rc.conf set to ipf defaults on multiple Intel x86 64 bit CPU >architecture >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Apr 11 21:10:01 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Jim Sanders >Release: 10 production dated Jan 16 2014 >Organization: None >Environment: root@zues:~ # uname -a FreeBSD zues.netdataltd.com 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014 r...@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
>Description: Previously to just nows output below from simple ipf commands showed that an error was occuring perhaps with the kernel module but it mentioned a missing file so that is a wierd error for IPF to be exhibiting any way right? So mainly I have a bug report to just show that running IPFTEST fails. It gives a segmentation fault on iptest wtih a fully ttested ipfilter file root@zues:~ # ipf -E root@zues:~ # root@zues:~ # ipf -f /etc/ipf/ipf.conf root@zues:~ # ipftest -vr /etc/ipf/ipf.conf pass in quick on lo0(!) inet proto icmp from 127.0.0.0/8 to 127.0.0.0/8 with short block in log quick from any to any with short block in log quick inet from any to any with opt lsrr block in log quick inet from any to any with opt ssrr pass in quick on lo0(!) all pass out quick on lo0(!) all block in log on age0(!) from any to any block out log on age0(!) from any to any pass in quick on age0(!) inet proto tcp from any to age0/32 port = ssh keep state # count 0 Segmentation fault (core dumped) >How-To-Repeat: install from disk1.iso and just add a ipf.conf file for the rules like this below and you add the lines recommended to rc.conf also below after the rules and you get the error in fbsd 10 but not in fbsd 9: HERE IS RULES FILE /etc/ipf/ifp.conf: pass in quick on lo0 proto icmp from 127.0.0.1/8 to 127.0.0.1/8 with short block in log quick all with short block in log quick all with opt lsrr block in log quick all with opt ssrr pass in quick on lo0 all pass out quick on lo0 all block in log on age0 from any to any block out log on age0 from any to any pass in quick on age0 proto tcp from any to age0/32 port = 22 keep state pass in quick on age0 proto icmp from any to age0/32 keep state pass out quick on age0 proto icmp from age0/32 to any keep state pass out quick on age0 proto tcp/udp from any to any keep state HERE IS RC.CONF FILE: hostname="xxxx.xxxxxx.com" ifconfig_age0="inet 123.456.789.10 netmask 255.255.255.0" defaultrouter="123.456.789.1" ################################ sshd_enable="YES" ################################ # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable dumpdev="NO" inetd_enable="NO" ################################ ipfilter_enable="NO" ipfilter_rules="/etc/ipf/ipf.conf" ipmon_enable="YES" # Start IP monitor log ipmon_flags="-Ds" # D = start as daemon ################################ >Fix: uh uh >Release-Note: >Audit-Trail: >Unformatted: _______________________________________________ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
