ipfw weirdness after csup/buildworld
Tim Gustafson
tjg at soe.ucsc.edu
Thu Apr 1 17:11:32 UTC 2010
I am running: FreeBSD 8.0-STABLE amd64
After recently csup'ing to the latest sources and then a build/install cycle, my ipfw started misbehaving badly. I'm seeing lots of:
ipfw: install_state: entry already present, done
and also lots of:
ipfw: ouch!, skip past end of rules, denying packet
When I did an "ipfw list", I got something like this:
00000 ip from any to any
Note the rule number is all zeros, and there's no "allow" or "deny". Adding rules or removing rules didn't fix anything, nor did an "ipfw flush". Once it was in that state, attempting to "kldunload ipfw" caused the system to hang. The only fix for now was to disable the firewall.
When I went into single user mode, and did:
kldload ipfw
ipfw /etc/firewall.rules (which is the same ruleset I had loaded on boot)
everything worked fine, but when I went into multi-user mode and did the same thing, it failed with the symptoms listed above.
Just to be sure, a day after this started happening I did a csup again and another build/install cycle but got exactly the same results.
Any ideas?
Tim Gustafson
Baskin School of Engineering
UC Santa Cruz
tjg at soe.ucsc.edu
831-459-5354
More information about the freebsd-questions
mailing list