bin/64106: rc.d: incorrect depencency between ipfilter and ipmon
Jimmy Olgeni
g.olgeni at colby.it
Thu Mar 11 06:00:35 PST 2004
>Number: 64106
>Category: bin
>Synopsis: rc.d: incorrect depencency between ipfilter and ipmon
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 11 06:00:34 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Jimmy Olgeni
>Release: FreeBSD 5.2.1-RELEASE i386
>Organization:
Colby
>Environment:
5.2.1-RELEASE, -CURRENT.
>Description:
The ipmon script in rc.d checks if either ipfilter_enable or ipnat_enable
are set, as it needs the ipl.ko module to work.
Unfortunately, the rc.d/ipfilter script has ipmon listed in its REQUIRED
line, so ipmon will never have a chance to start after ipfilter. If
ipfilter is not compiled into the kernel, ipmon will always fail to start
from rc.d at boot time.
>How-To-Repeat:
Set ipfilter_enable and ipmon_enable in rc.conf, then reboot and check
for the following console messages:
console: Setting hostname: whatever.it.is
console: /etc/rc: ERROR: ipfilter module is not loaded
kernel: IP Filter: v3.4.31 initialized. Default = pass all, Logging = enabled
console: /etc/rc: WARNING: IP-filter: NO IPF RULES
console: lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>Fix:
The rc.d/ipmon script should "REQUIRE" ipfilter, not the other way around.
As ipnat also requires ipfilter, this should take care of any ipnat issues.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list