#4312 Bug IPFW module with FreeBSD

Other
closed-fixed
nobody
1.660 (2)
5
2013-10-23
2013-10-18
Evolvia
No

Hi,

I have found a bug with the ipfw module.

If I install rule with command line and if this rule include a table when I click to "revert configuration" button, rule appear well, but after I can't "apply configuration" the error message is:
Failed to apply configuration : /sbin/ipfw add 00010 deny ip from table(1) to any failed :

To reproduce the bug try this:

Clean all rule with command line with:
ipfw -q -f flush

insert this rule with command line:
ipfw table 1 add 127.0.0.2
ipfw add 10 deny ip from 'table(1)' to any

and then click to "revert configuration" on the webmin interface, rule appear.

Finaly click to "apply configuration".

My system is:
FreeBSD 9.1
Webmin 1.660

Discussion

  • Jamie Cameron

    Jamie Cameron - 2013-10-18

    What happens if you run :

    ipfw add 10 deny ip from "table(1)" to any

    as root from the shell .. does that succeed, and if not what error message do you get?

     
  • Evolvia

    Evolvia - 2013-10-19

    this command ( ipfw add 10 deny ip from "table(1)" to any ) works fine.

     
  • Jamie Cameron

    Jamie Cameron - 2013-10-19

    What if you run the command :

    ipfw /etc/webmin/ipfw/ipfw.rules

    (assuming that /etc/webmin/ipfw/ipfw.rules is the file you manually added the rule to)

     
  • Evolvia

    Evolvia - 2013-10-20

    If i try your command I have this error:

    root@xxxxx:/root # ipfw /usr/local/etc/webmin/ipfw/ipfw.rules
    Line 1: bad command `deny'

    rules in this file are:

    00010 deny ip from table(1) to any
    65535 allow ip from any to any

     
  • Jamie Cameron

    Jamie Cameron - 2013-10-21

    Do you have quotes around table(1) or not? If so, you should remove them from the ipfw.rules file - they aren't necessary, even though they are needed if you add that rule from the command line.

     
  • Evolvia

    Evolvia - 2013-10-21

    table(1) isn't quoted but this the problem.
    When I quote table(1) in the file all works fine, but if table(1) isn't quoted in the file I have an error when i try to click "apply configuration" on webmin interface.

    And when I click to "revert button" on the interface, rules added on the file but table(1) isn't quoted so when i click "apply configuration" error appear.

     
  • Jamie Cameron

    Jamie Cameron - 2013-10-21

    Ok, I am doing some tests with this now. Are you running IPFW version 1 or 2 there? The version should be displayed at the top of the "BSD Firewall" module.

     
  • Evolvia

    Evolvia - 2013-10-22

    Version 1

    otherwise is it possible to add a button to edit directly the file (/usr/local/etc/webmin/ipfw/ipfw.rules) which store the ipfw configuration such as other module than apache, sendmail etc...

     
  • Jamie Cameron

    Jamie Cameron - 2013-10-23
    • status: open --> closed-fixed
     
  • Jamie Cameron

    Jamie Cameron - 2013-10-23

    Ok, I see the bug that causes this now - this will be fixed in the next Webmin release.

     

Log in to post a comment.