Jeff,

I am not familiar with IP filter operation on FreeBSD. But here's my
input FWIW after a quick code inspection...

1. EINVAL is expected from the kernel if you disabled support for
IPv6. It basically means that the ioctl is not supported.
2. If that is the case then the user space should not give any option
to any IP filter tool that could exercise IPv6.
3. In your case it looks like the tool 'ipf' is doing so.
4. Check your ipf.conf (firewall rules file; location not known to me
on FreeBSD) and make sure that there are no IPv6 rules.
5. Check your init script (or whatever starts IP filter on FreeBSD)
and make sure that the option -6 is not being given to it.

It looks to me that during startup the ipf tool is trying to flush all
v6 rules and hence this error. I also think that you should be
concerned with this because I looked at the source code of the tool
and it exits once it hits this error. So it will not do any other
actions that you meant for it.

- Ashwani



On Thu, May 7, 2009 at 9:33 AM, Jeffrey D. Brower <[email protected]> wrote:
> I found the (add/insert rule):File exists problem.  I had duplicate rules in
> the ruleset!
>
> I still get the SIOCIPFL6 problem.  I suspect it is a problem with IPv6.
> When I did the build world on this box I disabled IPv6 and I suspect that
> something in IPFilter is trying to use it - but darned if I can figure out
> where.  Any thoughts?  What can I supply to you guys that might help you
> help me?
>
> --  Jeff
>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Jeffrey D. Brower
> Sent: Wednesday, May 06, 2009 9:46 PM
> To: [email protected]
> Subject: ioctl(SIOCIPFL6): Invalid argument
>
> Greetings all!
>
> I am building a new FreeBSD box for a firewall.  The last one was running
> 3.4.31 so I guess it was time.  <grin>
>
> I get this set of messages (new to me) when I am booting:
>
>        Enabling ipfilter
>        361:ioctl(add/insert rule):File exists
>        423:ioctl(add/insert rule):File exists
>        703:ioctl(add/insert rule):File exists
>        1:ioctl(add/insert rule):File exists
>        ioctl(SIOCIPFL6): Invalid argument
>        Installing NAT rules.
>        0 entries flushed from NAT table
>        0 entries flushed from NAT list
>
> I am concerned that lines 2 through 6 are errors, but my attention is
> obviously drawn to the last one of the set of errors since it says "Invalid
> argument".  I can't find this on the list and Google was not my friend, so I
> thought I would ask you fine folks if my ship was sinking.
>
> What exactly is ipfilter telling me, do I need to be worried and what can I
> do to get a clean boot?
>
> Thanks for your help!
>
> --  Jeff
>
>

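The two ruleset checks discussed in this thread (the duplicate rules Jeff found, and Ashwani's suggestion to look for IPv6 rules) can be run before the ruleset is loaded. The following is an added example, not part of the original messages and not code from IP Filter. The function names and the sample ruleset are constructed for illustration, and the IPv6 match is a heuristic that assumes an IPv6 rule contains either the word `inet6` or an address with at least two colons.

```shell
#!/bin/sh
# Added example: lint an IP Filter ruleset before it is loaded.
# Prints "DUP <line> ..." for a rule that repeats an earlier rule and
# "V6 <line> ..." for a line that looks like an IPv6 rule.
# Returns 0 when nothing is found, 1 otherwise.
check_ipf_rules() {
    awk '
    BEGIN { bad = 0 }
    {
        line = $0
        sub(/#.*/, "", line)            # drop comments
        gsub(/[ \t]+/, " ", line)       # collapse runs of whitespace
        sub(/^ /, "", line)
        sub(/ $/, "", line)
        if (line == "") next
        if (line in seen) {
            printf "DUP %d (same as line %d): %s\n", NR, seen[line], line
            bad = 1
        } else {
            seen[line] = NR
        }
        # Heuristic (assumption): the word inet6, or two colons separated
        # only by hex digits, which covers "::" and "2001:db8:".
        if (line ~ /(^| )inet6( |$)/ || line ~ /:[0-9A-Fa-f]*:/) {
            printf "V6 %d: %s\n", NR, line
            bad = 1
        }
    }
    END { exit bad }
    ' "$@"
}

# Constructed sample ruleset (not Jeff's rules): line 5 repeats line 3
# with different spacing, line 6 uses an IPv6 address.
sample_rules() {
    cat <<'EOF'
# constructed sample ruleset
block in all
pass out quick on fxp0 proto tcp from any to any keep state
pass in quick on fxp0 proto tcp from any to any port = 22 keep state
pass  out quick on fxp0 proto tcp from any to any keep state   # repeat
pass in quick on fxp0 proto ipv6-icmp from fe80::/10 to any
EOF
}

# Demo run on the sample; pass a ruleset path instead to check a real file.
sample_rules | check_ipf_rules || true
```

With no argument the function reads the ruleset from standard input; given a path it reads that file.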