kern/74104: ipfw2/1 conflict not detected or reported, manpage unclear

[Barney Wolff]

>Number:         74104
>Category:       kern
>Synopsis:       ipfw2/1 conflict not detected or reported, manpage unclear
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Nov 19 07:00:49 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Barney Wolff
>Release:        FreeBSD 4.10-STABLE i386
>Organization:
Databus Inc.
>Environment:
System: FreeBSD pit.databus.com 4.10-STABLE FreeBSD 4.10-STABLE #1: Fri Nov 19 01:22:10 EST 2004 toor at pit.databus.com:/usr/obj/usr/src/sys/PIT i386


	
>Description:
	ipfw manpage for running ipfw2 under STABLE (RELENG-4) is not clear that
	kernel option IPFW2 is required along with IPFW2=TRUE in /etc/make.conf.
	The result is a system that appears to run but has no rules applied,
	because ipfw hangs and presumably the startup scripts never complete.
	There is no log entry indicating anything wrong.

>How-To-Repeat:
	add IPFW2=TRUE to /etc/make.conf without option IPFW2 in kernel conf.
>Fix:

	At the very minimum, clarify the manpage to indicate that the make.conf
	setting controls only world, not the kernel.  I at least was fooled,
	and I don't consider myself mentally challenged - although admittedly
	I should have taken the reference to buildworld as a hint.

	Beyond that, "it would be nice" if ipfw complained loudly on a mismatch
	between world and kernel conf.  Better, of course, would be a single
	flag to control both world and kernel, as there is no conceivable reason
	ever to want them out of sync.


>Release-Note:
>Audit-Trail:
>Unformatted: