conf/188481: ipfilter fails to initialize on simple install with default kernel and rc.conf set to ipf defaults on multiple Intel x86 64 bit CPU architecture

Jim Sanders jim at netdataltd.com
Fri Apr 11 21:10:03 UTC 2014


>Number:         188481
>Category:       conf
>Synopsis:       ipfilter fails to initialize on simple install with default kernel and rc.conf set to ipf defaults on multiple Intel x86 64 bit CPU architecture
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 11 21:10:01 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Jim Sanders
>Release:        10 production dated Jan 16 2014
>Organization:
None
>Environment:
root at zues:~ # uname -a
FreeBSD zues.netdataltd.com 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014     root at snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
Previously to just now's output below from simple ipf commands showed that an error was occurring, perhaps with the kernel module, but it mentioned a missing file, so that is a weird error for IPF to be exhibiting anyway, right?

So mainly I have a bug report to just show that running IPFTEST fails. It gives a segmentation fault on iptest with a fully tested ipfilter file

root at zues:~ # ipf -E
root at zues:~ # 
root at zues:~ # ipf -f /etc/ipf/ipf.conf 
root at zues:~ # ipftest -vr /etc/ipf/ipf.conf
pass in quick on lo0(!) inet proto icmp from 127.0.0.0/8 to 127.0.0.0/8 with short
block in log quick from any to any with short
block in log quick inet from any to any with opt lsrr
block in log quick inet from any to any with opt ssrr
pass in quick on lo0(!) all
pass out quick on lo0(!) all
block in log on age0(!) from any to any
block out log on age0(!) from any to any
pass in quick on age0(!) inet proto tcp from any to age0/32 port = ssh keep state # count 0
Segmentation fault (core dumped)

>How-To-Repeat:
Install from disk1.iso and just add an ipf.conf file for the rules like this below, and you add the lines recommended to rc.conf, also below after the rules, and you get the error in fbsd 10 but not in fbsd 9:

HERE IS RULES FILE /etc/ipf/ifp.conf:

pass in quick on lo0 proto icmp from 127.0.0.1/8 to 127.0.0.1/8 with short
block in log quick all with short
block in log quick all with opt lsrr
block in log quick all with opt ssrr
pass in quick on lo0 all
pass out quick on lo0 all
block in log on age0 from any to any
block out log on age0 from any to any
pass in quick on age0 proto tcp from any to age0/32 port = 22 keep state
pass in quick on age0 proto icmp from any to age0/32 keep state
pass out quick on age0 proto icmp from age0/32 to any keep state
pass out quick on age0 proto tcp/udp from any to any keep state

HERE IS RC.CONF FILE:

hostname="xxxx.xxxxxx.com"
ifconfig_age0="inet 123.456.789.10 netmask 255.255.255.0"
defaultrouter="123.456.789.1"
################################
sshd_enable="YES"
################################
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
inetd_enable="NO"
################################
ipfilter_enable="NO"
ipfilter_rules="/etc/ipf/ipf.conf"
ipmon_enable="YES" # Start IP monitor log 
ipmon_flags="-Ds" # D = start as daemon 
################################

>Fix:
uh uh

>Release-Note:
>Audit-Trail:
>Unformatted:

