conf/153155: [PATCH] [8.2-BETA1] ipfw rules fail to load cleanly on start if nat enabled

Thomas Sandford freebsduser at
Tue Dec 14 19:50:09 UTC 2010

>Number:         153155
>Category:       conf
>Synopsis:       [PATCH] [8.2-BETA1] ipfw rules fail to load cleanly on start if nat enabled
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 14 19:50:08 UTC 2010
>Originator:     Thomas Sandford
>Release:        FreeBSD 8.2-BETA1 i386
FreeBSD fbsd-8.2 8.2-BETA1 FreeBSD 8.2-BETA1 #0: Sun Dec 5 02:13:37 UTC 2010 root at i386
/etc/rc.d/ipfw fails to load the ipdivert module when natd is enabled.

This causes the divert rules that /etc/rc.firewall adds in this case to fail on system boot, with the following error message displayed during ipfw rule load:
ipfw: getsockopt(IP_FW_ADD): Invalid argument

Restarting ipfw works around the problem as /etc/rc.d/natd (which is run _after_ ipfw is initialised) DOES load ipdivert.
In /etc/rc.conf

Apply the attached patch.

This is verified to fix the problem in 8.2-BETA1, also 8.1-RELEASE. The patched file is identical in HEAD (against which the patch has been created) and 8.2-BETA1.

Patch attached with submission follows:

Index: rc.d/ipfw
--- rc.d/ipfw	(revision 216439)
+++ rc.d/ipfw	(working copy)
@@ -31,6 +31,10 @@
 			required_modules="$required_modules ipfw_nat"
+	if checkyesno natd_enable; then
+		required_modules="$required_modules ipdivert"
+	fi
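
Review bot: The added natd_enable check is indented one tab while the context line above it (the ipfw_nat assignment) sits at three, and the closing fi lines of the enclosing conditionals are not visible in this hunk, so please confirm the new block lands outside the conditional that adds ipfw_nat. If it ends up nested inside, ipdivert is only requested when that branch is also taken, and a natd-only configuration would still hit the getsockopt(IP_FW_ADD) failure described in the report. A one-line comment above the check saying that rc.firewall adds divert rules before rc.d/natd has had a chance to load ipdivert would also help the next reader understand why ipfw, and not only natd, has to request the module.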

