From owner-freebsd-questions@FreeBSD.ORG Thu Apr 1 17:11:32 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A7BF5106564A for ; Thu, 1 Apr 2010 17:11:32 +0000 (UTC) (envelope-from tjg@soe.ucsc.edu) Received: from mail-01.cse.ucsc.edu (mail-01.cse.ucsc.edu [128.114.48.32]) by mx1.freebsd.org (Postfix) with ESMTP id 8DBEA8FC0C for ; Thu, 1 Apr 2010 17:11:32 +0000 (UTC) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail-01.cse.ucsc.edu (Postfix) with ESMTP id 32A3910080DA for ; Thu, 1 Apr 2010 10:11:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at mail-01.cse.ucsc.edu Received: from mail-01.cse.ucsc.edu ([127.0.0.1]) by localhost (mail-01.cse.ucsc.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UzcosQTEa9zH for ; Thu, 1 Apr 2010 10:11:32 -0700 (PDT) Received: from mail-01.cse.ucsc.edu (mail-01.cse.ucsc.edu [128.114.48.32]) by mail-01.cse.ucsc.edu (Postfix) with ESMTP id 1E70110080BF for ; Thu, 1 Apr 2010 10:11:32 -0700 (PDT) Date: Thu, 1 Apr 2010 10:11:32 -0700 (PDT) From: Tim Gustafson To: freebsd-questions@freebsd.org Message-ID: <1833158705.252071270141892098.JavaMail.root@mail-01.cse.ucsc.edu> In-Reply-To: <687350666.251831270141618031.JavaMail.root@mail-01.cse.ucsc.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [128.114.49.22] X-Mailer: Zimbra 5.0.20_GA_3127.RHEL5_64 (ZimbraWebClient - FF3.0 ([unknown])/5.0.20_GA_3127.RHEL5_64) Subject: ipfw weirdness after csup/buildworld X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Apr 2010 17:11:32 -0000 I am running: FreeBSD 8.0-STABLE amd64 After recently csup'ing to the latest sources and then a build/install cycle, my ipfw started misbehaving badly. I'm seeing lots of: ipfw: install_state: entry already present, done and also lots of: ipfw: ouch!, skip past end of rules, denying packet When I did an "ipfw list", I got something like this: 00000 ip from any to any Note the rule number is all zeros, and there's no "allow" or "deny". Adding rules or removing rules didn't fix anything, nor did an "ipfw flush". Once it was in that state, attempting to "kldunload ipfw" caused the system to hang. The only fix for now was to disable the firewall. When I went into single user mode, and did: kldload ipfw ipfw /etc/firewall.rules (which is the same ruleset I had loaded on boot) everything worked fine, but when I went into multi-user mode and did the same thing, it failed with the symptoms listed above. Just to be sure, a day after this started happening I did a csup again and another build/install cycle but got exactly the same results. Any ideas? Tim Gustafson Baskin School of Engineering UC Santa Cruz tjg@soe.ucsc.edu 831-459-5354