misc/187665: unable to disable IPFW with VIMAGE
wishmaster
artemrts at ukr.net
Mon Mar 17 16:40:02 UTC 2014
>Number: 187665
>Category: misc
>Synopsis: unable to disable IPFW with VIMAGE
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 17 16:40:01 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: wishmaster
>Release: 10.0-STABLE
>Organization:
IT Service
>Environment:
FreeBSD sms 10.0-STABLE FreeBSD 10.0-STABLE #4 r263247: Mon Mar 17 17:11:20 EET 2014 wishmaster at sms:/usr/obj/usr/src/sys/SMS i386
>Description:
System with 10.0-STABLE. I use a jail with VIMAGE support and I am unable to disable IPFW in the jail via sysctl net.inet.ip.fw.enable=0 because this sysctl is absent in the jail host (and in the base host too).
# sysctl net.inet.ip.fw
net.inet.ip.fw.one_pass: 0
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.verbose: 0
net.inet.ip.fw.verbose_limit: 0
net.inet.ip.fw.default_rule: 65535
net.inet.ip.fw.tables_max: 128
net.inet.ip.fw.default_to_accept: 1
net.inet.ip.fw.static_count: 134
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 19
net.inet.ip.fw.dyn_max: 16384
net.inet.ip.fw.dyn_ack_lifetime: 3600
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_udp_lifetime: 20
net.inet.ip.fw.dyn_short_lifetime: 10
net.inet.ip.fw.dyn_keepalive: 1
This problem occurs both when IPFW is a module and when it is compiled into the kernel.
Another host
FreeBSD db 10.0-PRERELEASE FreeBSD 10.0-PRERELEASE #0 r260982: Wed Jan 22 00:54:30 EET 2014 wishmaster at db:/usr/obj/usr/src/sys/MY_10 i386
without this problem.
>How-To-Repeat:
Install FreeBSD 10 STABLE, at least revision 263247.
>Fix:
Don't know...
>Release-Note:
>Audit-Trail:
>Unformatted: