From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 24 11:07:00 2007
Date: Mon, 24 Dec 2007 11:06:59 GMT
Message-Id: <200712241106.lBOB6xxQ031960@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/51274   ipfw       [ipfw] [patch] ipfw2 create dynamic rules with parent
o kern/73910   ipfw       [ipfw] serious bug on forwarding of packets after NAT
o kern/74104   ipfw       [ipfw] ipfw2/1 conflict not detected or reported, manp
o kern/88659   ipfw       [modules] ipfw and ip6fw do not work properly as modul
o kern/93300   ipfw       [ipfw] ipfw pipe lost packets
o kern/95084   ipfw       [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW
o kern/97504   ipfw       [ipfw] IPFW Rules bug
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to
o kern/98831   ipfw       [ipfw] ipfw has UDP hickups
o kern/102471  ipfw       [ipfw] [patch] add tos and dscp support
o kern/103454  ipfw       [ipfw] [patch] add a facility to modify DF bit of the
o kern/106534  ipfw       [ipfw] [panic] ipfw + dummynet
o kern/112708  ipfw       ipfw is seems to be broken to limit number of connecti
o kern/117234  ipfw       [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s

14 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau
o kern/46159   ipfw       [ipfw] [patch] ipfw dynamic rules lifetime feature
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o bin/50749    ipfw       [ipfw] [patch] ipfw2 incorrectly parses ports and port
o kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
o kern/69963   ipfw       [ipfw] install_state warning about already existing en
o kern/71366   ipfw       [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/72987   ipfw       [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o kern/73276   ipfw       [ipfw] [patch] ipfw2 vulnerability (parser error)
o bin/78785    ipfw       [ipfw] [patch] ipfw verbosity locks machine if /etc/rc
o kern/80642   ipfw       [ipfw] [patch] ipfw small patch - new RULE OPTION
o kern/82724   ipfw       [ipfw] [patch] Add setnexthop and defaultroute feature
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o kern/87032   ipfw       [ipfw] [patch] ipfw ioctl interface implementation
o kern/91847   ipfw       [ipfw] ipfw with vlanX as the device
o kern/103328  ipfw       [ipfw] sugestions about ipfw table
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o bin/104921   ipfw       [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/105330  ipfw       [ipfw] [patch] ipfw (dummynet) does not allow to set q
o kern/107305  ipfw       [ipfw] ipfw fwd doesn't seem to work
o kern/111713  ipfw       [dummynet] Too few dummynet queue slots
o kern/112561  ipfw       [ipfw] ipfw fwd does not work with some TCP packets
p kern/113388  ipfw       [ipfw][patch] Addition actions with rules within speci
o bin/113803   ipfw       [patch] bin/ipfw.8 - don't get bitten by the fwd rule
o bin/115172   ipfw       [patch] ipfw(8) list show some rules with a wrong form
p kern/115755  ipfw       [ipfw][patch] unify message and add a rule number wher
o kern/116009  ipfw       [ipfw] [patch] Ignore errors when loading ruleset from

28 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 24 15:10:06 2007
Date: Mon, 24 Dec 2007 15:10:06 GMT
Message-Id: <200712241510.lBOFA6wv007106@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: kern/118993: [ipfw] page fault - probably it's a locking problem

Synopsis: [ipfw] page fault - probably it's a locking problem

Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: linimon
Responsible-Changed-When: Mon Dec 24 15:09:59 UTC 2007
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=118993

From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 25 14:14:14 2007
Date: Tue, 25 Dec 2007 14:14:13 GMT
Message-Id: <200712251414.lBPEEDQg005476@freefall.freebsd.org>
To: bu7cher@yandex.ru, kris@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: kris@FreeBSD.org
Subject: Re: kern/118993: [ipfw] page fault - probably it's a locking problem

Synopsis: [ipfw] page fault - probably it's a locking problem

State-Changed-From-To: open->feedback
State-Changed-By: kris
State-Changed-When: Tue Dec 25 14:13:37 UTC 2007
State-Changed-Why:
This backtrace appears not to have anything to do with ipfw. If the
problem persists, please provide the ipfw ruleset that you are using to
trigger it.

http://www.freebsd.org/cgi/query-pr.cgi?pr=118993

From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 25 14:15:15 2007
Date: Tue, 25 Dec 2007 14:15:15 GMT
Message-Id: <200712251415.lBPEFFtQ005961@freefall.freebsd.org>
To: bu7cher@yandex.ru, kris@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: kris@FreeBSD.org
Subject: Re: kern/118993: [ipfw] page fault - probably it's a locking problem

Synopsis: [ipfw] page fault - probably it's a locking problem

State-Changed-From-To: feedback->open
State-Changed-By: kris
State-Changed-When: Tue Dec 25 14:14:45 UTC 2007
State-Changed-Why:
Oops, it was actually a recursive panic and the first one is indeed
ipfw-related. The ipfw ruleset would still help though.

http://www.freebsd.org/cgi/query-pr.cgi?pr=118993

From owner-freebsd-ipfw@FreeBSD.ORG Wed Dec 26 07:14:45 2007
Message-ID: <4771FB69.6070900@yandex.ru>
Date: Wed, 26 Dec 2007 09:57:45 +0300
From: "Andrey V. Elsukov"
To: kris@FreeBSD.org
In-Reply-To: <200712251415.lBPEFFtQ005961@freefall.freebsd.org>
Cc: freebsd-ipfw@FreeBSD.org, maksim_l@mail.ru
Subject: Re: kern/118993: [ipfw] page fault - probably it's a locking problem

kris@FreeBSD.org wrote:
> State-Changed-When: Tue Dec 25 14:14:45 UTC 2007
> State-Changed-Why:
> Oops, it was actually a recursive panic and the first one is indeed
> ipfw-related. The ipfw ruleset would still help though.

I'm not sure that Maxim (a person who got the problem) can publish his
rules. But as I know there is a typical firewall-script (`ipfw -f flush`
and a lot of other rules).
As I see in the code, panic is in the line 2538:

	if (set_disable & (1 << f->set) )
		continue;

I think panic here can be only when "f" is invalid. Am I right?
But it seems protected with IPFW_RLOCK...

-- 
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@FreeBSD.ORG Wed Dec 26 12:19:52 2007
Message-ID: <47721BFF.9010309@mail.ru>
Date: Wed, 26 Dec 2007 13:16:47 +0400
From: rihad
To: freebsd-ipfw@freebsd.org
Subject: disabling syslog messages?

Hi, I'm using "ipfw zero NNN" to periodically zero many counters, each
of which results in a syslog message generated despite the -q flag:

Dec 26 13:00:01 foo kernel: ipfw: Entry 1001 cleared.
Dec 26 13:00:01 foo kernel: ipfw: Entry 1002 cleared.
...

and so on. After looking in ipfw's sources in /usr/src/sbin/ipfw/ipfw2.c
I now think that quite probably the messages are generated by some
setsockopt call or by the kernel itself. I _could_ work around the issue
by piping the "ipfw:" messages to /dev/null in syslogd, but there might
be a cleaner solution?

Thank you.

From owner-freebsd-ipfw@FreeBSD.ORG Thu Dec 27 05:32:45 2007
Message-ID: <477338E6.2070906@yandex.ru>
Date: Thu, 27 Dec 2007 08:32:22 +0300
From: "Andrey V. Elsukov"
To: rihad
In-Reply-To: <47721BFF.9010309@mail.ru>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: disabling syslog messages?

rihad wrote:
> Dec 26 13:00:01 foo kernel: ipfw: Entry 1001 cleared.
> Dec 26 13:00:01 foo kernel: ipfw: Entry 1002 cleared.
> ...
> and so on. After looking in ipfw's sources in /usr/src/sbin/ipfw/ipfw2.c
> I now think that quite probably the messages are generated by some
> setsockopt call or by the kernel itself. I _could_ work around the issue
> by piping the "ipfw:" messages to /dev/null in syslogd, but there might
> be a cleaner solution?

If you don't use `ipfw log ...` rules you can reset sysctl variable
net.inet.ip.fw.verbose to 0 and these messages will not be logged.

-- 
WBR, Andrey V. Elsukov
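
Added example, not part of the thread: the reply above ties setting net.inet.ip.fw.verbose to 0 to not using `log` rules, so this sketch scans `ipfw list`-style output for rules carrying the `log` keyword before that change is made. The ruleset is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a ruleset for "log" rules before setting
# net.inet.ip.fw.verbose=0, so firewall audit logging is not lost.

# Print the rule numbers of rules that contain the "log" keyword.
# Input: "ipfw list" style text on stdin. Everything after "//" is a
# rule comment and is skipped, so a comment mentioning "log" is ignored.
rules_with_log() {
    awk '{
        for (i = 2; i <= NF; i++) {
            if ($i == "//") break
            if ($i == "log") { print $1; break }
        }
    }'
}

# Exit status 0 when no rule logs (verbose can be turned off), 1 otherwise.
verbose_can_be_disabled() {
    [ -z "$(rules_with_log)" ]
}

# Constructed sample ruleset (not taken from the thread).
sample_ruleset() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
01001 count ip from 192.0.2.10 to any
01002 count ip from 192.0.2.11 to any // log traffic later
02000 deny log logamount 100 tcp from any to any dst-port 23
65535 deny ip from any to any
EOF
}

if sample_ruleset | verbose_can_be_disabled; then
    echo "no log rules: net.inet.ip.fw.verbose=0 loses nothing"
else
    echo "log rules present: $(sample_ruleset | rules_with_log | tr '\n' ' ')"
fi
```

On a live host the same check is `ipfw list | rules_with_log`; an empty result means the condition in the reply is met.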