Date: Wed, 3 Oct 2001 15:22:25 +0200
From: Michel Talon
To: freebsd-stable@freebsd.org
Subject: ipfilter problems
Message-ID: <20011003152225.A16349@lpthe.jussieu.fr>

Hello,

I have investigated a problem with ipfilter in FreeBSD. The following sequence, which is initiated by /etc/rc.network

    kldload ipl
    ipf -Fa -f /etc/ipf.rules
    ipmon -Ds

followed by

    kldunload ipl

panics the machine. From the following startup messages, it appears that the running program causing panic is ipmon. A backtrace does not show that the panic is in ipl itself, apparently. If ipmon is not running there is no problem kldunloading ipl.

There is a second problem, most obvious on laptops with pcmcia network cards. Since the card is still not initialized when ipf -Fa -f /etc/ipf.rules runs, in fact the firewall blocks everything and /var/log/messages fills up fast with ipmon messages. It is necessary to run ipf -Fa -f /etc/ipf.rules again to get proper behavior. I think running ipf as a dhcp hook or a ppp hook would be preferable for laptops, and replacing the first call to ipf by ipf -Fa.

--
Michel Talon
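
The DHCP-hook approach suggested in the message, sketched as an added example that is not part of the original post or of FreeBSD's own scripts. It assumes the fragment is sourced as /etc/dhclient-exit-hooks and that dhclient-script sets `reason`, `new_ip_address` and `old_ip_address`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: fragment for /etc/dhclient-exit-hooks (assumed location).
# The file is sourced by dhclient-script, so it must never call "exit".
# The rules path is the one used in the message; override it for testing.
IPF_RULES="${IPF_RULES:-/etc/ipf.rules}"

# Flush all rules and load the rule file, the same command the message runs
# by hand once the PCMCIA card is up. Refuse to flush if the file is missing,
# so a typo in the path does not leave the host with an empty rule set.
reload_ipf_rules() {
    if [ ! -r "$IPF_RULES" ]; then
        echo "ipf hook: $IPF_RULES not readable, rules left unchanged" >&2
        return 1
    fi
    ipf -Fa -f "$IPF_RULES"
}

# $1 = DHCP event, $2 = new address, $3 = previous address (may be empty).
ipf_dhcp_hook() {
    # No address means the interface is still unusable: nothing to reload.
    [ -n "$2" ] || return 0
    case "$1" in
        # First lease after boot or card insertion: rules must be (re)loaded.
        BOUND|REBOOT) reload_ipf_rules ;;
        # Lease refresh: reload only if the address actually changed.
        RENEW|REBIND) [ "$2" = "$3" ] || reload_ipf_rules ;;
    esac
}

# Variables are empty when the file is read outside dhclient-script,
# in which case the hook does nothing.
ipf_dhcp_hook "${reason:-}" "${new_ip_address:-}" "${old_ip_address:-}"
```

With this hook in place, the boot-time call can be reduced to `ipf -Fa` as the message proposes, leaving rule loading to the moment the interface has an address.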