ipf stopped working on 5.3

[ray at redshift.com]

At 01:32 PM 10/25/2005 -0400, John Fitzgerald wrote:
| I've had ipf working on a few 5.3 servers for quite awhile. Not too long ago
| some developers had to do some coding work and were coming from dynamic
| IP's. I (reluctantly) opened up SSH to the world. Immediately I started
| seeing the attacks where bots of some sort would try to break in with a
| variety of different users.
| 
| So, I (thought) I closed it up again and told the developers to use a
| dedicated proxy. They did, but I realized that I hadn't actually closed
| things off. I was still getting attacked. I had tried, but ipf suddenly
| wasn't working. Whenever I would change the firewall rules and ipf -D and
| the ipf -E -f /etc/my.rules it would simply return:
| 
| 1:ioctl(add/insert rule): No such process
| 
| I didn't have the time to look into it at the time, but am now trying to
| figure it out. Ipf is obviously not working and I don't know why. I have
| tried recompiling the kernel a myriad of different ways. With/without ipfw,
| with/without ipsec, etc. All to no avail. Is this a bug, did I get hacked?
| 
| I have googled this quite a bit and the only thing that I found was possibly
| a buildworld scenario where something got updated and it doesn't work now. I
| didn't install src so I'm a bit out of luck on that one.
| 
| FreeBSD 5.3-RELEASE
| OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7d 17 Mar 2004
| 

usually that means you are trying to run it without being root, or you have a
rule that doesn't belong to a group/head.

I ran into something else once that caused that, but now I can't remember it.
Feel free to send your ipf.rules if it's not to sensitive.

Ray