Bug 25809

Summary: /etc/default/rc.conf bad default ipfilter_flags
Product: Base System Reporter: Tim Zingelman <zingelman>
Component: confAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   

Description Tim Zingelman 2001-03-14 19:50:01 UTC 
ipfilter kernel module no longer requires -E argument to /sbin/ipf command
at system startup time.  Using it results in "SIOCFRENB: Invalid argument"
message on system console.  ipfilter still works as expected.

Fix: 

##end-pr##--0D60xxsPL83NhSksVfbdWaqzCQC7jRCfteXl0qCugPD4wi6Z
Content-Type: text/plain; name="file.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="file.diff"

--- /etc/defaults/rc.conf	Tue Mar 13 20:29:35 2001
+++ /etc/defaults/rc.conf.new	Wed Mar 14 13:33:12 2001
@@ -62,9 +62,7 @@
 				# see /etc/rc.network (pass1) for details
 ipfilter_rules="/etc/ipf.rules"	# rules definition file for ipfilter, see
 				# /usr/src/contrib/ipfilter/rules for examples
-ipfilter_flags="-E"		# should be *empty* when ipf is _not_ a module
-				# (i.e. compiled into the kernel) to
-				# avoid a warning about "already initialized"
+ipfilter_flags=""		# Flags to ipfilter (if enabled).
 ipnat_enable="NO"		# Set to YES for ipnat; needs ipfilter, too!
 ipnat_program="/sbin/ipnat -CF -f" # program and how to specify rules file
 ipnat_rules="/etc/ipnat.rules"	# rules definition file for ipnat
How-To-Repeat: Add to /boot/loader.conf: ipl_load="YES"
Add to /etc/rc.conf: ipfilter_enable="YES"
Create valid /etc/ipf.rules
Reboot & look at console output or log
Comment 1 Tim Zingelman 2001-03-14 20:48:26 UTC 
I can confirm also that the -E flag does NOT cause the module to be
automatically loaded.

  - Tim
Comment 2 Giorgos Keramidas freebsd_committer freebsd_triage 2002-01-09 18:00:14 UTC 
State Changed
From-To: open->feedback

In revision 1.112 of src/etc/rc.network the ipfilter code was largely 
replaced by a version written by Arjan de Vet.  Does this problem 
still persist?
Comment 3 Giorgos Keramidas freebsd_committer freebsd_triage 2002-01-11 01:36:40 UTC 
State Changed
From-To: feedback->closed

Hurray!  Tim says that the problem is gone with the latest ipfilter 
fixes, so this can be closed.  Thank you, Tim, for your speedy feedback.