[Bug 184355] rc.firewall: ipfw failed to restart if tables are used

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 04 Dec 2025 19:32:35 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=184355

Oleg Streejak <oleg@pcbtech.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |oleg@pcbtech.ru

--- Comment #5 from Oleg Streejak <oleg@pcbtech.ru> ---
Hi all,
seems to me that 15.0-RELEASE has a like or somehow-relevant error. A tried
these on two freshly freebsd-update'd servers, with the same results.

Let's consider ipfw-rule file:
$ cat /tmp/ipfw.table
table 13 create or-flush
table 13 add 172.16.0.0/12
table 13 add 192.168.0.0/16
table 13 add 0.0.0.0/8
table 13 add 169.254.0.0/16
table 13 add 192.0.2.0/24
table 13 add 224.0.0.0/4
table 13 add 240.0.0.0/4
$ ipfw table 13 destroy
$ ipfw /tmp/ipfw.table 
added: 172.16.0.0/12 0
added: 192.168.0.0/16 0
added: 0.0.0.0/8 0
added: 169.254.0.0/16 0
added: 192.0.2.0/24 0
added: 224.0.0.0/4 0
added: 240.0.0.0/4 0

if run it once again, I get the error:
$ ipfw /tmp/ipfw.table
added: 172.16.0.0/12 0
Line 2: Adding record failed: record already exists

and only after command
$ ipfw table 13 destroy

it works, but just once.

On the other hand, if I change the first command to `flush' it works while the
table exists, but can not be added it there's none table by that name:

$ cat /tmp/ipfw.table
table 13 flush
table 13 add 172.16.0.0/12
table 13 add 192.168.0.0/16
table 13 add 0.0.0.0/8
table 13 add 169.254.0.0/16
table 13 add 192.0.2.0/24
table 13 add 224.0.0.0/4
table 13 add 240.0.0.0/4
$ ipfw /tmp/ipfw.table
added: 172.16.0.0/12 0
added: 192.168.0.0/16 0
added: 0.0.0.0/8 0
added: 169.254.0.0/16 0
added: 192.0.2.0/24 0
added: 224.0.0.0/4 0
added: 240.0.0.0/4 0
$ ipfw /tmp/ipfw.table
added: 172.16.0.0/12 0
added: 192.168.0.0/16 0
added: 0.0.0.0/8 0
added: 169.254.0.0/16 0
added: 192.0.2.0/24 0
added: 224.0.0.0/4 0
added: 240.0.0.0/4 0

$ ipfw table 13 destroy
$ ipfw /tmp/ipfw.table
Line 1: failed to flush table 13 info: No such process
Line 2: DEPRECATED: inserting data into non-existent table 13. (auto-created)
added: 172.16.0.0/12 0
Line 2: Adding record failed: table not found

Also tried wordly table names - all with the same effect. I used `create
or-flush' rules on my servers since at lease 14.3-RELEASE (possibly on even
earlier releases) and everething was ok till 15.0-RELEASE.

p.s.: both create & flash at the beginning doesn't help either:
$ cat /tmp/ipfw.table
table test create or-flush
table test flush
table test add 172.16.0.0/12
table test add 192.168.0.0/16
table test add 0.0.0.0/8
table test add 169.254.0.0/16
table test add 192.0.2.0/24
table test add 224.0.0.0/4
table test add 240.0.0.0/4
$ ipfw table test destroy
$ ipfw table test info
ipfw: failed to request table info: No such process
$ ipfw /tmp/ipfw.table
added: 172.16.0.0/12 0
added: 192.168.0.0/16 0
added: 0.0.0.0/8 0
added: 169.254.0.0/16 0
added: 192.0.2.0/24 0
added: 224.0.0.0/4 0
added: 240.0.0.0/4 0
$ ipfw /tmp/ipfw.table
added: 172.16.0.0/12 0
Line 3: Adding record failed: record already exists

-- 
You are receiving this mail because:
You are the assignee for the bug.