Hello all,
I am still trying to understand my situation.
FreeBSD 6.1-RELEASE-p2
ipf: IP Filter: v4.1.8 (416)
Kernel: IP Filter: v4.1.8
sysctl.conf variables in question:
net.inet.ipf.fr_tcpclosed=1
net.inet.ipf.fr_tcpclosewait=60
net.inet.ipf.fr_tcphalfclosed=300
net.inet.ipf.fr_tcpidletimeout=7200
net.inet.ipf.fr_tcplastack=20
net.inet.ipf.fr_tcptimeout=120
net.inet.ipf.fr_udptimeout=120
Darren had responded letting me know that these particular settings
required ipfilter to be in a disabled state to change them. Well, the
ipf -D command will not work with ipf being compiled into the kernel. I
have tried using:
ipfilter_enable="YES"
ipfilter_flags="-D -T fr_tcpclosed=1,fr_tcpclosewait=60,fr_tcphalfclosed=300,fr_tcpidletimeout=7200,fr_tcplastack=20,fr_tcptimeout=120,fr_udptimeout=120 -E"
in the rc.conf, but that doesn't work. I ended up with the following when
I tried:
Jun 28 15:52:35 imap kernel: Fatal trap 12: page fault while in kernel mode
Jun 28 15:52:35 imap kernel: fault virtual address = 0x88
Jun 28 15:52:35 imap kernel: fault code = supervisor read, page not present
Jun 28 15:52:35 imap kernel: instruction pointer = 0x20:0xc046d409
Jun 28 15:52:35 imap kernel: stack pointer = 0x28:0xd98dea58
Jun 28 15:52:35 imap kernel: frame pointer = 0x28:0xd98dea60
Jun 28 15:52:35 imap kernel: code segment = base 0x0, limit 0xfffff, type 0x1b
Jun 28 15:52:35 imap kernel: = DPL 0, pres 1, def32 1, gran 1
Jun 28 15:52:35 imap kernel: processor eflags = interrupt enabled, resume, IOPL = 0
Jun 28 15:52:35 imap kernel: current process = 259 (ipf)
Jun 28 15:52:35 imap kernel: trap number = 12
Jun 28 15:52:35 imap kernel: panic: page fault
Jun 28 15:52:35 imap kernel: Uptime: 4s
Jun 28 15:52:35 imap kernel: Cannot dump. No dump device defined.
Jun 28 15:52:35 imap kernel: Automatic reboot in 15 seconds - press a key on the console to abort
Is there a way to change these settings when you are using a kernel
compiled version of IPF?
Thank you,
Peter Clark