Date: Thu, 5 Dec 2002 00:55:12 -0500 From: "Ilya" <mail@krel.org> To: <freebsd-ipfw@freebsd.org> Subject: ipfw2 crashes Message-ID: <00d701c29c22$e04bcb80$0100a8c0@ilya> References: <3DEE16D7.1020706@northnetworks.ca> <3DEE39C3.5040704@northnetworks.ca> <000901c29bbb$7bb4a0a0$4635a8c0@sloniki> <3DEE6D69.1080504@northnetworks.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. ------=_NextPart_000_00D4_01C29BF8.F761ED60 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit I have tried ipfw2 and it core dumps on my box. i saw these errors during boot: ipfw: size mismatch (have 176 want 16420) ipfw: size mismatch (have 176 want 48) ipfw: size mismatch (have 176 want 48) ipfw: size mismatch (have 176 want 48) ipfw: size mismatch (have 176 want 48) ipfw: size mismatch (have 176 want 48) ipfw: size mismatch (have 176 want 48) i cant gdb the core file, so it is attached (its very small), hope it will help. 4.7 stable here is the ruleset: #Flush rules ipfw -f flush ipfw -f zero ipfw -f resetlog #Natd ipfw add divert natd all from any to any via $DIF ipfw add check-state # Allow any traffic from local network to any passing through the # internal interface ipfw add allow ip from $LAN to any keep-state via $LIF ipfw add allow ip from $LAN to any keep-state via $LIF #ipfw add allow ip from $LAN to any via $LIF ipfw add allow ip from $ALCHEMISTRY to any keep-state via $DIF ipfw add allow ip from $IPC to any keep-state via $CIF #Allow incoming requests to reach the following services: ipfw add allow tcp from any to $ALCHEMISTRY 22,25,80 setup keep-state via $DIF ipfw add check-state # Allow DNS traffic from internet to query your DNS (for reverse # lookups etc). ipfw add allow udp from any 53 to $ALCHEMISTRY 53 via $DIF ipfw add allow udp from any 1024-65535 to $ALCHEMISTRY 53 via $DIF ipfw add allow udp from any 53 to $RUMATA 53 via $DIF ipfw add allow udp from any 1024-65535 to $RUMATA 53 via $DIF ipfw add allow udp from any 53 to $ALCHEMISTRY 1024-65535 via $DIF ipfw add allow udp from any 53 to $RUMATA 1024-65535 via $DIF # Allow required ICMP ipfw add allow icmp from any to any icmptypes 3,4,11,12 #httptunel from work #ipfw add allow tcp from any to $RUMATA 443 setup via $DIF #LOCAL ipfw add pass all from any to any via lo0 ipfw add deny log all from any to 127.0.0.0/8 #ipfw add deny log tcp from any to any in via fxp0 established #ipfw add deny log ip from any to any in recv fxp0 frag #ipfw add deny log ip from $LAN to any in via $CIF #ipfw add deny log ip from $LAN to any in via $DIF #ipfw add deny log ip from not $LAN to any in via $CIF #ipfw add deny log ip from not $LAN to any in via $DIF # Stop private networks (RFC1918) from entering the outside interface. ipfw add deny log ip from 192.168.0.0/16 to any in via $CIF ipfw add deny log ip from 192.168.0.0/16 to any in via $DIF ipfw add deny log ip from 172.16.0.0/12 to any in via $CIF ipfw add deny log ip from 172.16.0.0/12 to any in via $DIF ipfw add deny log ip from 10.0.0.0/8 to any in via $CIF ipfw add deny log ip from 10.0.0.0/8 to any in via $DIF ipfw add deny log ip from any to 192.168.0.0/16 in via $CIF ipfw add deny log ip from any to 192.168.0.0/16 in via $DIF ipfw add deny log ip from any to 172.16.0.0/12 in via $CIF ipfw add deny log ip from any to 172.16.0.0/12 in via $DIF ipfw add deny log ip from any to 10.0.0.0/8 in via $CIF ipfw add deny log ip from any to 10.0.0.0/8 in via $DIF ipfw add deny ip from 212.9.233.50 to any in via $CIF ipfw add deny ip from 212.9.233.50 to any in via $DIF # Stop draft-manning-dsua-01.txt nets on the outside interface ipfw add deny log all from 0.0.0.0/8 to any in via $CIF ipfw add deny log all from 0.0.0.0/8 to any in via $DIF ipfw add deny log all from 169.254.0.0/16 to any in via $CIF ipfw add deny log all from 169.254.0.0/16 to any in via $DIF ipfw add deny log all from 192.0.2.0/24 to any in via $CIF ipfw add deny log all from 192.0.2.0/24 to any in via $DIF ipfw add deny log all from 224.0.0.0/4 to any in via $CIF ipfw add deny log all from 224.0.0.0/4 to any in via $DIF ipfw add deny log all from 240.0.0.0/4 to any in via $CIF ipfw add deny log all from 240.0.0.0/4 to any in via $DIF ipfw add deny log all from any to 0.0.0.0/8 in via $CIF ipfw add deny log all from any to 0.0.0.0/8 in via $DIF ipfw add deny log all from any to 169.254.0.0/16 in via $CIF ipfw add deny log all from any to 169.254.0.0/16 in via $DIF ipfw add deny log all from any to 192.0.2.0/24 in via $CIF ipfw add deny log all from any to 192.0.2.0/24 in via $DIF ipfw add deny log all from any to 224.0.0.0/4 in via $CIF ipfw add deny log all from any to 224.0.0.0/4 in via $DIF ipfw add deny log all from any to 240.0.0.0/4 in via $CIF ipfw add deny log all from any to 240.0.0.0/4 in via $DIF # Allow all established connections to persist (setup required # for new connections). ipfw add allow tcp from any to any established #Deny Everything else ipfw add 65534 deny log ip from any to any via $CIF in ipfw add 65534 deny log ip from any to any via $DIF in ------=_NextPart_000_00D4_01C29BF8.F761ED60 Content-Type: application/x-gzip; name="ipfw.core.gz" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="ipfw.core.gz" H4sICLPc2z0AA2lwZncuY29yZQDt2gl8lOWBx/EnIZO8iSCsoqK71neFaKiYTEK4IqkTcpCUXCZB AupCSAYykMuZBAKtJbVqgyIepWItrtTq6iq7tYddt9WGVnfrelRqxase2MWjW3fLbj23YPb/zDtD DsJRZLvu7u/74Zdn5r3nnTMT1hWXlyQkJKSamCQzyiTELueaAbnGNckmI7aMMe8Mmrc9wQwRvTpO VTuOiV9WybHL0fmuWhKbv8tryHz7M5DqzXe9Uoasn2C3nzF4+0Pm++3PH/V5R5QYLT7fbrQ5dpwl 4WBwTm1R9LKdVq7uU/OnpJjjND6kGVlmoAlqut38+33RbWfYTVenOmkaesYNOglfS3LOsHtNTDDO e3198fWd2PYTB+173Qn9/cb0R931YvZ2x+yInUI7/ZPH3oYWNcoMPX92Wqhj2eohCx8wAQAAAADw P6IpuKytodVEOte0d7SZprZIuLHZhNoiwcaucDB7/6Uc09be0BJqiAQjmhbsnK7r53a2NJ17aVcw vMYEtaLfnO/vTm/pPt+kd5n0lqbM9MyclibtonttirP7MI20zLbDXD/SjuX+nc+lOOMP0961h592 JNsZqWO5//N135znBsPh9nCe29W2sq19dZtbXlXo1tS4q4LhSKi9zaQ3ubobvR+6Q6fqUqN7kIn2 Dm9qddMj+zPp/tymdH/OAe1/+C2qqiyuKS6JjmWVZXUme6rJzjHZ2Sbbb2aZmWaGmW7mVxcV1BWb yqq6spKFpvCC+cU1C+fHxgpTFh2N97OyqrC0oHJuscnOjW6zuKbGrlcwv67UVNbX1NQW15mF+8ei qoqCskqjA5hfW1wU3UFFtZaLTa8trrmwpKCs3JRU1VR4W9LPqhpTUFRUVldWVVlQbqprdPwXzC+r Lasrro3ucsjTK9OkpqaagP2hE6J/xjVuRpqdqknpLV26ByLBcKihJU2XwsFl4WCk2bvYGV5jLwS7 O0L2kjtZV1pDbaHWrtY0PcVc28BgL9kfGa5J87bd5JrJRs9If263t4B2bOd5B6L7rMWuHLGrRUz8 7tdd37mmI2g0LmsPtzZ0eo8Pc/HEjNTU8+ySadq0P6fb1dHo9s2+MsWpV51f9bKXd8Wm1Q+aN/46 73KPumNjijPu6hSn45qBy7Ov8ebZy29d463zwQ0pzqbrNf1q7/qkDSlOs7pv08D+nI3euFXTzzRp Z15sLjYtwTZ3dr776aVdy3Tx0C9/WV2RcJZe87JaQkttjVmZmd6oF7mstsjijnCorTOz0biuSR1h /YI5hUXFJXNLyz47r7yisqr6gprauvkXLqhfuKhhaaNeW5c3h1asbGlta++4NBzp7Fq1unvNWn92 ztTcadNnzJx1TpbJP/TxNUT06OjUM9E9Mz1yprusIdQSbMpzl2mITpnitujlWHdn2sjrr+/t7b33 nnvumXF3inPzoAqGXbdVjTDNdsmw61NUelN6o91+WPVuS3H2qDtio+0RdXPs8jZ1sNtXWlBbmudW dXW67cvcdr3qLGtpX+12NCwPRjJdt6ytMRzUe050ghsJrQ0Ov5ndL6Q41eruWBer7kHXe2OjnTbS /uv39fVtaXP2z7vnlRTHfpd5p0b7He0WjfZ7zs0a7ffeGzX6NF6l0X5fvVaj/V65VaPdSJNG+zhZ qNEea4VG+z1yicbRGj+jcYxGv8bjNboax2o8/pWB40t81TuGD2PHsCe27zdj+xgsIZb7+4Of48Hs d8xHslxcmraeaEaZJOMzySbFOHoWpJnjzGgzxhxvxppxh1k/4TDzbx7rRG/jtbHxS7Hx87FxtUa7 jUhsbImNIY32frkkNi6MjQcz+HbbExW9Mt6J3kd2Xs8Ex7mjx+dUf9nnJKlJak+vz6nX+L1rfE7T Rp8zQc1UD17nc1o0br/Z52xSj6pn1EsqkDFxckt7Y0NLZ6g1mNmYOiNz2gyzoKy8qGDOnBrtK7jQ cWx2uYZI4/6lZhzkuCfFvmDPc4e8SMVenDREX52mrHKzM3Pc7FmzZmX5Z2blzHT9/jz9y851O4Kd wbBb3N3hTjqK7TfYwzvCrQ+8rA3a/h2v+Jxxr+p8qZdU3S6dT5X7ms/pVXt261y/rnOpzBs6f6pO 9ai3NK9e0zeMMH9rbH50J2/6oo+JXo3DH981XW3Bioblocrhb8zDjHtf21b77NqJR9Ac/ZhjhnYk 6x1JAb2yZCQdfaN9JkElqlEqSflUskpRjkpVh9pG2nqfOU6NVmPU8WqsMuuTjm0H2/+p2r8arcao 49VYZU5NOrYN33fioR4l+P/Cvp7Yh4J9T7HvvfY9377f2/d6+6Jj3+Pte4d9b7fv6/Y93b6f2/dy +574J+oEdaIar05SJ6tTjPc35FPVaepP1Z+p09WnlP2bsav+XJ2pJir7wp2uzlJnK/tH78nq0+oc NUWda+zvGt7fmP0qW+Woqcb7O/404/3d2r7PzFT2NTpPnadmK/sx9DPK/k4YUA1qqbIf8uxva0G1 TC033t/JQ2qFWmm8v/u2KvtRu111qEuN99kwojpVl1ql7N+Cu9UatVZdpC5Wl6i/UIvVkj/i/j+n Pq8uU19Q61SP+qK6XH1JXaGuVFepL6tetV5dra5RG9S1aqO6Tl2vblA3qq+oTeqr6ia1Wd2svqZu UV9XW9St6i/VbWqr+oa6XX1T3aHuVH+l7lJ3q79W96h71Tb1N+pv1beM9/8Lvq2+o76rvqfuV99X f6ceUH+vfqB+qB5UD6kfKfufGrarH6ufqIfVI+of1D+qn6pH1T+px9Tj6gn1pPqZekrtUD9XT6tf qGfUTvWsek49r15QL6pfqpfUy+oV9arx/jvIa+pX6p/VbvW6ekO9qd5Sv1b/on6j3lb/qv5N/Vbt Uf+u/kP9znj/V+Vd9Z56X32gPlT/qX6v9qp96iMT+1xoeP4XGO8jTaEqUvbDU4maq0pVmfqsmme8 /zNToSpVlapWFyj7ebdW1an56kK1QNWrhWqROfjz/4+1f57/PP9Hev4fyq5F3u+gVvz3b/u4sT8m zEh23GH8w9hF7euJfQ24bMiW95zvjZMC3rjQGwPXeWPvw9644oPo2HNFpn2amB0nNEbHK57bHB2D Tz5pR3fx1kT7FHprVekMO96+6bRWjYHXt/hv13j9px558FmNuWe9u3J0oenZNWPNwwWFZuvzVy7I XVVoHq1c3vrjewtN/g1Ldte/VhjYcH/36d86qaj6t796dvdp84pu3FmR/NSenqL4eqe0+e6//4Gv lLz74fm/HlU1syLndP+HpasvXzS7L7Lu5aqTuh5c//zm7zy9ZfbUu+7eOfG9sln5d71TtG/snTm3 bt7wlPODi9IL27c1ZSQ/OuK3WPa11PQf8NXHAZKGXd/e7DhP7E52klSvKlKH20bcRaGB/dnvQOz1 +H0+IXT02x0sbdgvGx0fY7tbm73vP+xtttlj7Agd/pwN2LPuwGkD395snZnqmCWpztfPdZyNqkst UQFlH8v2925fbNnZsfGIvms6O8XpUONPTnHennDgd1grpmsfyqjHpznOVvUF1aQCyqjtuY5zm+pR C1SemqIeXJjiXHHJob8Xs7fQPujsZ8y3dALH6Q1261UJJjBnrOm5Sa/Ur73rM4/dct7egpHP5WNz HOdh9UP1XbVN3am+qb6hblO3qlvUZrVJ3aB6VY/KLHScs9Tparwao3xqr+a9o95Wu9VLw9Z/Qe1Q VVq2oNDb5/TCA4/x0N/vxL7cPugXPNMO9/XR4bbfEI7Ev0CaejRfT0XfjO1nKvuh3X7Wsk/y6ItE ovcZzN6BjrdY9LNZwHif01zjvcaO81bxtnEUDnH7ljZEgtNzY7cu17t12dlZ/lzXn5s31Z+XO9Vt aGwOHurGHe78dXa2fKx7R+cjY+LkcLBxcSR4aWZj6kzdCxlzguGVwZbgmsnujKzs3KxZuQdZ9VDH 17Q0S1tta7c/Fy8P7n8MZU7Xkeb4/ToN+pfj+mflZWfnZfvd9qXhULDtwENd3NwQaa6Pil6Pv2b8 Id9T2+fwhpeP7PtvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAPi/IiE29vYYM8ZeqHYyTNJRbmxJquMGUp1Tz3WcY3JwAAAAAAAAAAAAAAAAAAAA APAJsnVvX9+h5o+KjQkjzNvexv+zBgAAAIBjKpDquMZnLjPrzAf9Qx3R+tWpjklK0+9ySeb4/+ZD BQAAAAAAH0eC6e8/wzyS6F1bMdH7i+y3X/pl/jkj/XEWAAAAAAD87xZIPeD/XQfi0zQGRpgPAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAABwKAt2JDumOtWJX8+314dJUONHWHfHO319Tc8kOwkjzLPL97zb1zd4 2jhdj+5vyYH7Gx8rcbe3vYxErR9fKJDq+Oyg9S99LtmJH8vg7dvlbZFfDBy/nX/5zoHlrXk/9+bH lx8sKX47dT7SNNwX29/w5azpI9zmPVp+zK6B5e311171rtvll+4bej6siTclOaMGb1P7Ln2vr2/w Prfs9dYbaf2Dsvdp7H7NOOKVjr35r3vn+8TOKYGk94cev1/XH/qZNz86L2nougFNSzzHmOj5mWfM 4z7jJvX3O5t0PuzpsSWY8f3mJ3rEqCVa/pSdSdHt2XNmN/fETJ9jl4uvM3gfAU279cWk/fP7Y9Pj 17fu/QPONwB8gmzQ69e0Lw68vsVfz+z07/ckOWdr3oaXUw54vz8Yu516vQddsm/g/ahdXaFuULeq u9Wj6mn1hvqd+kid+FFf3xmqV934kbd+/H3PviS7yheblmwnjjMmfmCp6gEdb4q9Uu187LezUMey 1SbS3L7aLM7PiiwNtWVFpxRWVZaUzV1cW1pcXp6fZSdHmk11TVllXXFNfkNHJNvoQkV+Y3tbJGea Ka2qKM7PCre3d5rC8oLa2uqCutL8rK5IOKulvbGhJWtF08rszJzMnLxMM79WG4guWVFQpk2vaghn tTaEWry1y6vmVhZoW9Er1QVztWxrezhoSuqqF1drw2UXFi+uqCoqzl9YXGvmlFcVzqstW1ScP894 e7THnxfdr3dp/9X9F7zjiQy7vv9qfXZ2zfThS8eP3k431QuKYrc0dm5im89aqRME0183ady1RZPG V78fqLPPkq5RG5vHP1CvDyXVT/b85qPrB82fEJ9f9NNA+ck7E8zAYuvfi39Gsc/TsbpR/wVGGSLi ADADAA== ------=_NextPart_000_00D4_01C29BF8.F761ED60-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00d701c29c22$e04bcb80$0100a8c0>