Bug 27905

Summary: ipf unable to insert rule if 'log' is used
Product: Base System
Reporter: quinot <quinot>
Component: kern
Assignee: Darren Reed <darrenr>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   

Description quinot 2001-06-06 11:20:00 UTC
With the following ipfilter config file:
---------- cut here
# Group 21 is outbound ACL for interface xl0
block out log quick on xl0 from any to any head 21

# Default is deny

#block out from any to any group 21
# This line works

block out log from any to any group 21
# With that line (same + 'log') ipf gets EEXIST when inserting the rule.

# Branch to group 211 for three hosts that require specific processing

skip 3 out from any to 10.10.0.142 group 21
skip 2 out from any to 10.10.0.140 group 21
skip 1 out from any to 10.10.0.154 group 21
skip 1 out from any to any group 21
block out log from any to any head 211 group 21
---------- cut here

when running 'ipf -I -Fa -f the_config_file', the following error
is produced:
  20:ioctl(add/insert rule): File exists

If the 'log' keyword is removed from line 20, then no error is
produced.

This problem is also reproduced with -CURRENT as of May 30th.

Fix: 

None known so far.
How-To-Repeat: 	Cut/paste the ACL above to a file.
	Run ipf -I -Fa -f the_file
	Swap commenting-out of 'This line works/That line doesn't'
	Run ipf -I -Fa -f the_file again.
Comment 1 Thomas Quinot 2001-07-08 23:08:21 UTC
A fix for this problem is included in release 3.4.19 of IPfilter.

--
    Thomas.Quinot@Cuivre.FR.EU.ORG
Comment 2 dwmalone freebsd_committer freebsd_triage 2001-07-09 10:38:20 UTC
Responsible Changed
From-To: freebsd-bugs->darrenr

Give this PR to Darren - it can be closed when 3.4.19 is imported.
Comment 3 Darren Reed freebsd_committer freebsd_triage 2001-07-30 23:56:42 UTC
State Changed
From-To: open->closed

fixed in latest import (3.4.20)