Latest patch from BugId 194381 breaks i386 compatibility. IPFW on i386 needs 32-bit values to be used as optional table field (used to store time), but patched version introduces 'long long', and ipfw table entry timeout goes to far far future, prevents them to be removed by bruteblockd. Without patching 'bruteblock.c' port works well. I think patching 'bruteblock.c' should not be done on i386. May be conditional Makefile?
A commit references this bug: Author: amdmi3 Date: Thu Apr 9 01:04:56 UTC 2015 New revision: 383615 URL: https://svnweb.freebsd.org/changeset/ports/383615 Log: - Fix printing time_t on i386 PR: 199263 Submitted by: fesse@mail.ru Changes: head/security/bruteblock/Makefile head/security/bruteblock/files/patch-bruteblock.c
My bad, I've overlooked this. Aleksey, Ronald, could you both please check that it now works correctly on i386 and arm?
Yes, it work fine now on i386. --- It seem to be another bug in this port. Bruteblockd doesn't start automatically on system reboot, but manual start after logging in work fine. Console output: Starting bruteblockd. Shared object "libpcre.so.1" not found, required by bruteblockd /etc/rc: WARNING: failed to start bruteblockd. I think it is because bruteblockd starts too early, before ldconfig path is configured. I change startup script by adding DAEMON to REQUIRE string and problem disappeared. I don't know is it common problem or related to my system only, so need further research. FreeBSD XXX.ru 9.3-RELEASE-p12 FreeBSD 9.3-RELEASE-p12 #2: Fri Mar 27 08:36:04 MSK 2015 XXXX@XXXX.ru:/usr/obj/usr/src/sys/PAE-SERVER i386
Could you show output of `rcorder /etc/rc.d/* /usr/local/etc/rc.d/*` with default bruteblock rc.d script and after ldconfig is appended to REQUIRE: there?
Created attachment 155405 [details] rcorder (default) Output of `rcorder /etc/rc.d/* /usr/local/etc/rc.d/*` with unmodified bruteblockd rc script
Created attachment 155406 [details] rcorder (ldconfig added to REQUIRE) Output of `rcorder /etc/rc.d/* /usr/local/etc/rc.d/*` with modified bruteblockd rc script (REQUIRE: NETWORKING syslogd ldconfig)
Uh huh, so it should be fixed now.
A commit references this bug: Author: amdmi3 Date: Fri Apr 10 11:59:01 UTC 2015 New revision: 383720 URL: https://svnweb.freebsd.org/changeset/ports/383720 Log: - Fix boottime startup by requiring ldconfig in rc.d script PR: 199263 Submitted by: fesse@mail.ru Changes: head/security/bruteblock/Makefile head/security/bruteblock/files/bruteblockd.in
A commit references this bug: Author: amdmi3 Date: Fri Apr 10 12:10:25 UTC 2015 New revision: 383721 URL: https://svnweb.freebsd.org/changeset/ports/383721 Log: - Start before syslogd This is needed as bruteblock (not to be confused with bruteblockd) which is usually run from syslog, also requires ldconfig, and bruteblockd rc.d script provides it for him by depending on ldconfig and running before syslogd PR: 199263 Changes: head/security/bruteblock/Makefile head/security/bruteblock/files/bruteblockd.in
(In reply to Dmitry Marakasov from comment #2) It works for me on ARM.
Great, thank you!