Bug 292556 - ipfw: Adding record failed: Inappropriate ioctl for device
Summary: ipfw: Adding record failed: Inappropriate ioctl for device
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 15.0-RELEASE
Hardware: amd64 Any
Importance: --- Affects Only Me
Assignee: freebsd-ipfw (Nobody)
Reported: 2026-01-18 05:13 UTC by Michael Meiszl
Modified: 2026-02-05 06:52 UTC

Description Michael Meiszl 2026-01-18 05:13:59 UTC
I don't know if this is a duplicate, the message seems to appear quite often.

What I do (for many years already, the message just showed up with FBSD 15) is to load a list from AbuseIPDB, build a shell script from the content and start it.
This works well when started from a real shell manually, but if run from cron, it creates the error message for every line of the script.
(Note, the entries are still added, the message is just annoying)

+ ipfw table 2 flush
+ ipfw table 2 add 18.211.148.239
ipfw: Adding record failed: Inappropriate ioctl for device
added: 18.211.148.239/32 0
+ ipfw table 2 add 192.3.179.41
ipfw: Adding record failed: Inappropriate ioctl for device
added: 192.3.179.41/32 0
+ ipfw table 2 add 193.24.211.200
ipfw: Adding record failed: Inappropriate ioctl for device
added: 193.24.211.200/32 0
+ ipfw table 2 add 115.133.68.171
ipfw: Adding record failed: Inappropriate ioctl for device
...

(the remaining 1000+ lines are the same, so no need to list them here too)

The script (head) is really simple:
#!/bin/sh
ipfw table 2 flush
ipfw table 2 add 18.211.148.239
ipfw table 2 add 192.3.179.41
ipfw table 2 add 193.24.211.200
ipfw table 2 add 115.133.68.171
ipfw table 2 add 160.22.123.78

It is executed from a python script with a line like:
subprocess.run('/bin/sh -x /tmp/ipfwtable2.sh', shell=True)

(of course, the "-x" is just for debugging now, it is usually "+x")

Of course I could tell cron to throw away the output, but I want to be notified about possible errors that can result from wrong entries in the list. So this is not a good option.
Comment 1 Michael Meiszl 2026-01-18 14:46:03 UTC
I have tried to change the python script to use different shell calls (popen, system.os and so on) but the message keeps on popping up unless the calling process is run on a real terminal.

And because the real "add" command successfully works, I would guess the failing ioctl does not originate from ipfw itself but just from the surrounding shell call.

(but then, I am not a FBSD kernel guru, so this is just a guess)
Comment 2 mail_of_sergey 2026-02-05 03:07:05 UTC
There is a workaround:
Using the -q flag should resolve the "Inappropriate ioctl for device" error for ipfw table operations.
Instead of:
ipfw table TEST1 delete 0.0.0.1/32
Use:
ipfw -q table TEST1 delete 0.0.0.1/32

https://lists.freebsd.org/archives/freebsd-bugs/2025-December/031540.html
Comment 3 Michael Meiszl 2026-02-05 05:06:36 UTC
Hmm, yeah, I am aware of the -q flag.
But sadly it was ignored at the time when I reported the bug.
I will recheck later in the day and see if something has changed.
Comment 4 mail_of_sergey 2026-02-05 06:47:07 UTC
(In reply to Michael Meiszl from comment #3)
I had a problem with my OpenVPN server: it rejected users' connections because I use client-connect and client-disconnect scripts with ipfw.

I added this flag to these client-connect and client-disconnect scripts, and now OpenVPN works fine.
Comment 5 Michael Meiszl 2026-02-05 06:52:02 UTC
Good for you, but this here is not the same.
The messages do not originate from ipfw (so -q does not help); they come directly from the kernel, somewhere in the tty region I would guess.

And, the message is wrong too. The ipfw action finished successfully, but afterwards something goes wrong. The monitoring task just SAYS it was ipfw, hiding the real origin.
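
An added example, not part of the bug report or any commenter's code: one way to get the bad-entry reporting the description asks for without depending on what ipfw prints. It validates each feed entry with Python's ipaddress module and calls ipfw with argument lists (optionally with the -q flag from comment 2) instead of running a generated shell script. The function names, the sample feed and the choice to reject /0 entries are assumptions.

```python
import ipaddress
import subprocess

# Constructed sample feed: two addresses from the report plus malformed lines.
SAMPLE_FEED = [
    "# blocklist export (constructed)",
    "18.211.148.239",
    "192.3.179.41",
    "18.211.148.239",          # duplicate
    "999.1.1.1",               # not an address
    "193.24.211.200; reboot",  # shell metacharacters in a feed line
    "0.0.0.0/0",               # would match everything
]

def parse_blocklist(lines):
    """Return (valid networks, rejected raw entries) for a feed."""
    valid, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue  # blank line or comment
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None
        if net is None or net.prefixlen == 0:
            rejected.append(entry)  # unparsable, or a catch-all entry
        elif net not in valid:
            valid.append(net)       # keep first occurrence only
    return valid, rejected

def build_commands(table, networks, quiet=True):
    """One argv list per ipfw call; empty if there is nothing valid to load."""
    if not networks:
        return []  # do not flush the table when the feed yielded nothing
    base = ["ipfw", "-q"] if quiet else ["ipfw"]
    cmds = [base + ["table", str(table), "flush"]]
    return cmds + [base + ["table", str(table), "add", str(n)] for n in networks]

def apply_commands(commands, run=subprocess.run):
    """Run each argv without a shell; return failures judged by exit status."""
    results = [(a, run(a, stdin=subprocess.DEVNULL, capture_output=True, text=True))
               for a in commands]
    return [(a, r.returncode, r.stderr.strip()) for a, r in results if r.returncode]

if __name__ == "__main__":
    nets, bad = parse_blocklist(SAMPLE_FEED)
    print("rejected:", bad)
    print(*(" ".join(c) for c in build_commands(2, nets)), sep="\n")
```

Run as a script it only prints the rejected entries and the commands it would issue; on the firewall host, pass the result of build_commands() to apply_commands() and report whatever it returns.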