Date: Tue, 14 Dec 2010 19:44:57 GMT
From: Thomas Sandford <freebsduser@paradisegreen.co.uk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: conf/153155: [PATCH] [8.2-BETA1] ipfw rules fail to load cleanly on start if nat enabled
Message-ID: <201012141944.oBEJivGQ045078@red.freebsd.org>
Resent-Message-ID: <201012141950.oBEJo8xD029300@freefall.freebsd.org>
>Number: 153155
>Category: conf
>Synopsis: [PATCH] [8.2-BETA1] ipfw rules fail to load cleanly on start if nat enabled
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 14 19:50:08 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Thomas Sandford
>Release: FreeBSD 8.2-BETA1 i386
>Organization:
>Environment:
FreeBSD fbsd-8.2 8.2-BETA1 FreeBSD 8.2-BETA1 #0: Sun Dec 5 02:13:37 UTC 2010 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
/etc/rc.d/ipfw fails to load the ipdivert module when natd is enabled. This causes the divert rules that /etc/rc.firewall adds in this case to fail on system boot, with the following error message displayed during ipfw rule load:

ipfw: getsockopt(IP_FW_ADD): Invalid argument

Restarting ipfw works around the problem as /etc/rc.d/natd (which is run _after_ ipfw is initialised) DOES load ipdivert.
>How-To-Repeat:
In /etc/rc.conf
===
..
natd_enable="YES"
natd_interface="em0"
firewall_enable="YES"
firewall_type="Client"
..
===
>Fix:
Apply the attached patch. This is verified to fix the problem in 8.2-BETA1, also 8.1-RELEASE. The patched file is identical in HEAD (against which the patch has been created) and 8.2-BETA1.

Patch attached with submission follows:

Index: rc.d/ipfw =================================================================== --- rc.d/ipfw (revision 216439) +++ rc.d/ipfw (working copy) @@ -31,6 +31,10 @@ required_modules="$required_modules ipfw_nat" fi fi + + if checkyesno natd_enable; then + required_modules="$required_modules ipdivert" + fi } ipfw_start()
>Release-Note:
>Audit-Trail:
>Unformatted:
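Review bot: The added `if checkyesno natd_enable; then` block at the end of the function has no comment saying why rc.d/ipfw must load ipdivert itself when, per the description, /etc/rc.d/natd already loads it. A one-line comment above the block stating that the module has to be present before the divert rules are added, because natd starts after ipfw, would stop a later cleanup from dropping it as redundant. The check is also keyed only to natd_enable, so it is worth saying in the commit message whether rulesets that use divert without natd are deliberately out of scope; as written they would not get ipdivert added to required_modules by this hunk. Since the failure shows up only as an "Invalid argument" line while the remaining rules load, the commit message should also record that the firewall otherwise comes up without its divert rules at boot.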