Date: Wed, 3 Oct 2001 15:22:25 +0200
From: Michel Talon <michel@lpthe.jussieu.fr>
To: freebsd-stable@freebsd.org
Subject: ipfilter problems
Message-ID: <20011003152225.A16349@lpthe.jussieu.fr>

Hello,

I have investigated a problem with ipfilter in FreeBSD. The following
sequence, which is initiated by /etc/rc.network

    kldload ipl
    ipf -Fa -f /etc/ipf.rules
    ipmon -Ds

followed by

    kldunload ipl

panics the machine. From the following startup messages, it appears that the
running program causing panic is ipmon. A backtrace does not show that the
panic is in ipl itself, apparently. If ipmon is not running there is no
problem kldunloading ipl.

There is a second problem, most obvious on laptops with pcmcia network cards.
Since the card is still not initialized when ipf -Fa -f /etc/ipf.rules runs,
in fact the firewall blocks everything and /var/log/messages fills up fast
with ipmon messages. It is necessary to run ipf -Fa -f /etc/ipf.rules again
to get proper behavior. I think running ipf as a dhcp hook or a ppp hook
would be preferable for laptops, and replacing the first call to ipf by
ipf -Fa.

-- 
Michel Talon
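
The DHCP hook suggested in the message above, sketched as an added example that is not part of the original post and not FreeBSD's own script. It assumes an ISC-style dhclient-script that sources /etc/dhclient-exit-hooks with $reason, $old_ip_address and $new_ip_address set; the function names and the /sbin/ipf path are assumptions.

```shell
#!/bin/sh
# Added example for /etc/dhclient-exit-hooks (assumed path; sourced by an
# ISC-style dhclient-script after it has configured the interface).
IPF_CMD=${IPF_CMD:-/sbin/ipf}          # assumed install path of ipf
IPF_RULES=${IPF_RULES:-/etc/ipf.rules} # rules file named in the message

# Return 0 when the lease event means the interface address is new or changed,
# so rules that were loaded before the card existed must be loaded again.
needs_reload() {
    # $1 = dhclient reason, $2 = old address, $3 = new address
    case "$1" in
        BOUND|REBOOT) return 0 ;;
        RENEW|REBIND) [ -n "$3" ] && [ "$2" != "$3" ] ;;
        *) return 1 ;;
    esac
}

# Flush and reload the rule set, the same "ipf -Fa -f" call the message
# reports having to repeat by hand. Refuses to flush if the file is unreadable,
# so a missing rules file never leaves the host with an empty rule set.
reload_ipf() {
    if [ ! -r "$IPF_RULES" ]; then
        echo "ipf hook: cannot read $IPF_RULES, rules left unchanged" >&2
        return 1
    fi
    "$IPF_CMD" -Fa -f "$IPF_RULES"
}

# Runs only when dhclient-script has set $reason (i.e. when sourced as a hook).
if [ -n "${reason:-}" ]; then
    if needs_reload "$reason" "${old_ip_address:-}" "${new_ip_address:-}"; then
        reload_ipf || echo "ipf hook: reload failed on ${interface:-?}" >&2
    fi
fi
```

With this hook in place, the boot-time call can be reduced to `ipf -Fa` as the message proposes, and the full rule set is loaded once the interface has an address.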