Date:      Thu, 24 Sep 2009 15:03:43 -0700
From:      Chris St Denis <chris@smartt.com>
To:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   ipfw: install_state: entry already present, done
Message-ID:  <4ABBECBF.8050505@smartt.com>

I'm trying to set up a stateful firewall for my server such that any 
traffic can go out, and its reply come back. However, I'm getting the 
error message "ipfw: install_state: entry already present, done" 
repeated many times in my logs (though the rules seemed to work fine 
otherwise).

I stripped down the rules to the minimum I could and discovered the line 
causing it is "allow udp from me to any keep-state". The similar line 
for TCP also causes it if the "setup" keyword is left off. But UDP 
does not work if I put the setup keyword on its line (because there is 
no setup for UDP, I assume).

Full firewall rules:

    dns2# ipfw list
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    00400 allow udp from me to any keep-state
    65535 deny ip from any to any

I found some search results for this error message, but none seem to 
have a solution to the problem.

System info:
dns2# uname -a
FreeBSD dns2 7.2-RELEASE-p2 FreeBSD 7.2-RELEASE-p2 #0: Wed Jun 24 
00:14:35 UTC 2009     
root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

Hardware: virtual server under VMware ESXi (not that that should matter)

network card: em0


-- 
Chris St Denis
Programmer
SmarttNet (www.smartt.com)
Ph: 604-473-9700 Ext. 200
-------------------------------------------
"Smart Internet Solutions For Businesses" 
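The ruleset below is an added example, not code from the message above or from the FreeBSD project. It shows the usual shape of a stateful ipfw ruleset for the goal described in the message: a check-state rule placed ahead of the keep-state rules, so packets of a flow that already has a dynamic entry are matched there in either direction (without a check-state rule, ipfw checks the dynamic table at the first keep-state or limit rule it reaches); "setup keep-state" for TCP, so only the SYN installs a dynamic entry; and plain keep-state for UDP, which has no handshake. The message in the subject line is printed by ipfw's install_state() when it is asked to create a dynamic entry for a flow that already has one; the packet is still passed, which is consistent with the rules otherwise working. The script takes the ipfw command as an argument so the rules can be rendered with "echo ipfw" for review on a host without ipfw or root; the function names and the check_ruleset ordering check are assumptions made for this example, not ipfw features.

```shell
#!/bin/sh
# Added example, not code from the original message. A stateful ipfw ruleset
# in the shape the post is working towards, written as a small rc-style
# script. Assumption: the ipfw command is passed in as $1 so the ruleset can
# be rendered with "echo ipfw" and reviewed on a machine without ipfw or root.

stateful_ruleset() {
    # Real load: stateful_ruleset      Dry run: stateful_ruleset "echo ipfw"
    ipfw="${1:-/sbin/ipfw}"

    # Rules 100-300 are the loopback and anti-spoofing rules from the post.
    $ipfw add 100 allow ip from any to any via lo0
    $ipfw add 200 deny ip from any to 127.0.0.0/8
    $ipfw add 300 deny ip from 127.0.0.0/8 to any

    # Rule 400: look the packet up in the dynamic (stateful) table before any
    # keep-state rule is evaluated. A packet belonging to a flow that already
    # has a dynamic entry, in either direction, is accepted by that entry here
    # and never reaches the keep-state rules below.
    $ipfw add 400 check-state

    # TCP: "setup" restricts the rule to SYN-only packets, so exactly one
    # dynamic entry is installed per connection, on its first packet.
    $ipfw add 500 allow tcp from me to any setup keep-state

    # UDP has no handshake, so there is no "setup" to narrow the rule: the
    # first datagram of each src/dst/port pair installs the entry, and replies
    # that arrive within the dynamic UDP lifetime match it at rule 400.
    $ipfw add 600 allow udp from me to any keep-state

    # Everything else falls through to the default rule 65535 (deny).
}

# Pre-load sanity check (part of this example, not an ipfw feature):
# check-state must precede the first keep-state rule, the TCP rule must carry
# "setup" and the UDP rule must not. Returns 0 when all three hold.
check_ruleset() {
    rules=$(stateful_ruleset "echo ipfw")
    cs=$(printf '%s\n' "$rules" | grep -n 'check-state' | head -n 1 | cut -d: -f1)
    ks=$(printf '%s\n' "$rules" | grep -n 'keep-state' | head -n 1 | cut -d: -f1)
    [ -n "$cs" ] && [ -n "$ks" ] && [ "$cs" -lt "$ks" ] || return 1
    printf '%s\n' "$rules" | grep -q 'tcp .* setup keep-state' || return 1
    printf '%s\n' "$rules" | grep 'udp' | grep -q 'setup' && return 1
    return 0
}

# Number of rules the script would load (handy for comparing with "ipfw list").
rule_count() {
    stateful_ruleset "echo ipfw" | grep -c 'ipfw add'
}

# "sh thisscript.sh --dry-run" prints the rules instead of installing them.
if [ "${1:-}" = "--dry-run" ]; then
    check_ruleset && stateful_ruleset "echo ipfw"
fi
```

Run with --dry-run first and compare the output against "ipfw list" after loading; the 65535 deny rule is not added by the script because it is ipfw's built-in default.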




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ABBECBF.8050505>