I logged into one of my Solaris 10 hosts today to add some additional firewall rules, and noticed that the ipfilter service was in the maintenance state:
$ svcs -x ipfilter
svc:/network/ipfilter:default (IP Filter)
State: maintenance since Sat Oct 28 15:56:30 2006
Reason: Start method failed repeatedly, last exited with status 2.
See: http://sun.com/msg/SMF-8000-KS
See: ipfilter(5)
See: /etc/svc/volatile/network-ipfilter:default.log
Impact: This service is not running.
This is odd, considering this was working the last time I had checked up on the server. When I dumped out the logfile mentioned in the service state listed above, I noticed that the shell script that starts ipfilter was bombing out at line 180:
$ cat /etc/svc/volatile/network-ipfilter:default.log
[ Oct 28 15:56:16 Enabled. ]
[ Oct 28 15:56:27 Executing start method ("/lib/svc/method/ipfilter start") ]
/lib/svc/method/ipfilter: syntax error at line 180: `end of file' unexpected
[ Oct 28 15:56:27 Method "start" exited with status 2 ]
[ Oct 28 15:56:27 Executing start method ("/lib/svc/method/ipfilter start") ]
/lib/svc/method/ipfilter: syntax error at line 180: `end of file' unexpected
[ Oct 28 15:56:28 Method "start" exited with status 2 ]
[ Oct 28 15:56:28 Executing start method ("/lib/svc/method/ipfilter start") ]
/lib/svc/method/ipfilter: syntax error at line 180: `end of file' unexpected
Since I didn’t modify /lib/svc/method/ipfilter, I started to wonder why ipfilter all of a sudden quit working. The erorr message above indicated that there was an error in the script at line 180, which is a bit misleading considering the script only has 179 lines:
$ cat /lib/svc/method/ipfilter | wc -l
179
To find the actual line that was causing the issue, I decided to change the shell in /lib/svc/method/ipfilter from /sbin/sh to /bin/bash ( As a side note – I still don’t quite understand why anyone would use /sbin/sh on Solaris hosts, considering zsh, tsch and bash are available. If the reason is because of dependencies, Sun should consider moving the shells folks actually use into one of the core packages!). Once I made this change and invoked the script with the start option, bash notified me that line 123 was actually to blame:
$ /lib/svc/method/ipfilter start
/lib/svc/method/ipfilter: line 123: unexpected EOF while looking for
matching ``'
/lib/svc/method/ipfilter: line 180: syntax error: unexpected end of
file
Upon inspecting the ipfitler script in more detail, I noticed that a “`” character was missing on line 123:
case "$1" in
start)
[ ! -f ${IPFILCONF} ] && exit 0
[ -n "$pfildpid" ] && kill -TERM $pfildpid 2>/dev/null
[ -n "$pid" ] && kill -TERM $pid 2>/dev/null
/usr/sbin/pfild >/dev/null
if load_ippool && load_ipf && load_ipnat ; then
ipmon -Dsv` <------- PROBLEM
else
Once I removed the “`” from line 123, everything worked as expected. I am still not certain what caused this to happen in the first place, and the sunsolve and opensolaris bug database are not much help. If anyone else happens to experience this issue, please let me know!