bin/64106: rc.d: incorrect dependency between ipfilter and ipmon

Jimmy Olgeni g.olgeni at colby.it
Thu Mar 11 06:00:35 PST 2004


>Number:         64106
>Category:       bin
>Synopsis:       rc.d: incorrect dependency between ipfilter and ipmon
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 11 06:00:34 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Jimmy Olgeni
>Release:        FreeBSD 5.2.1-RELEASE i386
>Organization:
Colby
>Environment:

	5.2.1-RELEASE, -CURRENT.

>Description:

The ipmon script in rc.d checks if either ipfilter_enable or ipnat_enable
is set, as it needs the ipl.ko module to work.

Unfortunately, the rc.d/ipfilter script has ipmon listed in its REQUIRED
line, so ipmon will never have a chance to start after ipfilter. If
ipfilter is not compiled into the kernel, ipmon will always fail to start
from rc.d at boot time.

>How-To-Repeat:

Set ipfilter_enable and ipmon_enable in rc.conf, then reboot and check
for the following console messages:

console: Setting hostname: whatever.it.is
console: /etc/rc: ERROR: ipfilter module is not loaded
 kernel: IP Filter: v3.4.31 initialized.  Default = pass all, Logging = enabled
console: /etc/rc: WARNING: IP-filter: NO IPF RULES
console: lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

>Fix:

The rc.d/ipmon script should "REQUIRE" ipfilter, not the other way around.
As ipnat also requires ipfilter, this should take care of any ipnat issues.
>Release-Note:
>Audit-Trail:
>Unformatted:
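
The ordering described in the report, and the one proposed under ">Fix:", can be compared off the system with stub headers. This is an added example, not part of the original report or of the FreeBSD rc.d scripts: the headers are constructed, `write_script`, `rc_order` and `starts_before` are hypothetical helpers, and `tsort` stands in for rcorder(8).

```shell
#!/bin/sh
# Added example. The stub headers are constructed and carry only the two
# keywords that matter here; they are not the real FreeBSD rc.d scripts.

# write_script DIR NAME [REQUIRES...] : create a stub rc.d script header.
write_script() {
    dir=$1 name=$2
    shift 2
    printf '#!/bin/sh\n# PROVIDE: %s\n# REQUIRE: %s\n' "$name" "$*" > "$dir/$name"
}

# rc_order DIR : print the start order, one name per line. "REQUIRE: x" in
# the script providing y becomes the tsort pair "x y" (x first); the pair
# "y y" keeps scripts that have no requirements in the output.
rc_order() {
    for f in "$1"/*; do
        prov=$(sed -n 's/^# PROVIDE: *//p' "$f")
        echo "$prov $prov"
        for req in $(sed -n 's/^# REQUIRE: *//p' "$f"); do
            echo "$req $prov"
        done
    done | tsort
}

# starts_before DIR A B : succeed only if A is started before B.
starts_before() {
    rc_order "$1" | awk -v a="$2" -v b="$3" '
        $1 == a { pa = NR }
        $1 == b { pb = NR }
        END { exit !(pa && pb && pa < pb) }'
}

reported=$(mktemp -d)   # layout in the report: ipfilter lists ipmon
proposed=$(mktemp -d)   # layout under ">Fix:": ipmon and ipnat list ipfilter
trap 'rm -rf "$reported" "$proposed"' EXIT
write_script "$reported" ipfilter ipmon
write_script "$reported" ipmon
write_script "$proposed" ipfilter
write_script "$proposed" ipmon ipfilter
write_script "$proposed" ipnat ipfilter

for d in "$reported" "$proposed"; do
    if starts_before "$d" ipfilter ipmon; then
        echo "$d: ipfilter starts before ipmon"
    else
        echo "$d: ipmon starts before ipfilter"
    fi
done
```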

