
List:       ipfilter
Subject:    ipf 3.4.32 Crashing Solaris 8 with recommended patches installed
From:       Jesse Reynolds <j.reynolds () unsw ! edu ! au>
Date:       2003-09-26 6:39:49

Hi

This seems to be happening to other folks on the list as well. Here's 
what's happening for me...

Solaris 5.8 (5/03) with today's recommended patch cluster and J2EE patch 
cluster from Sun. All network services disabled except for 514 UDP 
(syslogd) and 22 TCP (sshd).

I have built ipfilter using Sun's /usr/ccs/bin/make and GCC version 3.3 
from sunfreeware.com.

The loadable kernel module loads OK at boot. I'm not sure if the 
automountd problem is related:

Sep 26 15:05:04 sotp1 ipf: [ID 920137 kern.notice] IP Filter: attach to [ce1,1] - IPv4
Sep 26 15:05:04 sotp1 ipf: [ID 989912 kern.notice] IP Filter: v3.4.32, attaching complete.
Sep 26 15:05:05 sotp1 automountd[142]: [ID 956970 daemon.error] svc_create: cannot register 100099 vers 4 on ticotsord
Sep 26 15:05:05 sotp1 automountd[142]: [ID 668993 daemon.error] unable to create service

Now, with no ruleset loaded the box does not panic.

If I load the following ruleset, it will panic after I've done a few 
nslookups and a ping or two:

block in log quick from any to any with ipopts
block in log quick proto tcp from any to any with short
block in log quick from 192.168.0.0/16 to any
block in log quick from 172.16.0.0/12 to any
block in log quick from 10.0.0.0/8 to any
block in log quick from 0.0.0.0/8 to any
block in log quick from 169.254.0.0/16 to any
block in log quick from 192.0.2.0/24 to any
block in log quick from 204.152.64.0/23 to any
block in log quick from 224.0.0.0/3 to any
pass out quick on ce1 all head 10
 block out     quick from 127.0.0.0/8 to any group 10
 block out     quick from any to 127.0.0.0/8 group 10
 block out log quick from any to 129.94.112.105/32 group 10
 pass  out     quick proto udp from 129.94.112.105/32 to any port = 53 keep state group 10
block return-rst in quick proto tcp all head 20
 block in log quick from 127.0.0.0/8 to any group 20
 pass in quick proto tcp from 129.94.0.0/16 to 129.94.112.105/32 port = 22 group 20
block in quick all head 30
 block in log quick from 127.0.0.0/8 to any group 30


However, if I remove the line with "keep state" it does not panic. So it 
seems that the "keep state" is causing the problem.

Is this rule written badly? Even if it is written badly, you'd hope that 
it wouldn't crash the OS!

Is there a version that is more stable than this? An older version perhaps?

Is anyone running ipfilter on Solaris 8 with recent recommended patches 
installed?

Thank you

Jesse

