BUG: 1.2.1-RC2 - Logs full of PHP errors when rules updated

  • On build 1.2.1-RC2 built on Fri Nov 7 10:06:44 EST 2008, a change in the ruleset triggers log flooding with PHP errors such as the following, one per rule:

    php: : The command '/sbin/ipfw -f add 38 set 9 allow ip from to any in recv re0 ' returned exit code '69', the output was 'ipfw: getsockopt(IP_FW_ADD): Protocol not available'

    Additionally, new rules which were not pre-existing are never applied at the FW level, though the GUI reflects that they were.

  • Looking at the CVS commits, I think they just added some debugging to that effect.

  • What you're seeing is cosmetic, though I'm not sure how you would get an ipfw rule like that trying to load when ipfw isn't loaded. That isn't related to any of your firewall rules, as none of those are ipfw. You using captive portal or time based rules?

    There are likely extraneous commands being run that will be cleaned up with time, though 1.2.1 has no known problems and fixes several issues in 1.2, so we're moving ahead with the 1.2.1 release without cleaning up all of this stuff. The logging was primarily to fix a couple bugs that have been resolved.

  • @cmb:

    You using captive portal or time based rules?

    Neither, though this box is using load balanced pools.

  • Found the cause: the load balancer tries to add ipfw rules even in scenarios where they aren't needed. That won't hurt anything, though; I opened a ticket to come back and resolve it later.

  • Thanks for creating the ticket on that. As for the new PAT rules not acting as expected, it seems to be working again in 1.2.1-RC2 Sun Nov 9 09:51:34 EST 2008, though looking at CVS, I can't figure out why.
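
A log-triage sketch for the flood described in this thread, added here as an example and not part of any post or of the project's code: it parses the "The command ... returned exit code ..." message format quoted in the first post and collapses the one-per-rule errors into a count per binary, exit code and error text, so a single root cause shows up as a single finding. The function names and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Message format as quoted in the first post:
#   The command '<cmd>' returned exit code '<n>', the output was '<text>'
LINE_RE = re.compile(
    r"The command '(?P<cmd>.*?)' returned exit code '(?P<code>\d+)', "
    r"the output was '(?P<out>.*)'\s*$"
)

def parse(line):
    """Return (command, exit_code, output), or None if the line is not a command failure."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group("cmd").strip(), int(m.group("code")), m.group("out")

def summarize(lines):
    """Group failures by (binary, exit_code, output) and count them."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec:
            cmd, code, out = rec
            counts[(cmd.split()[0], code, out)] += 1
    return counts

# Sample input: the first line is the one quoted in the thread; the second and
# third are constructed for this example (hypothetical rule number, interface
# and message).
SAMPLE = [
    "php: : The command '/sbin/ipfw -f add 38 set 9 allow ip from to any in recv re0 ' "
    "returned exit code '69', the output was "
    "'ipfw: getsockopt(IP_FW_ADD): Protocol not available'",
    "php: : The command '/sbin/ipfw -f add 39 set 9 allow ip from to any in recv re1 ' "
    "returned exit code '69', the output was "
    "'ipfw: getsockopt(IP_FW_ADD): Protocol not available'",
    "php: : Reloading filter",
]

if __name__ == "__main__":
    for (binary, code, out), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}x  {binary}  exit={code}  {out}")
```
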

