While installing a policy from the GUI (or the command line) the following error message is displayed:
default.W: Security Policy Script generated into default.pf default: Compiled OK. Installing Security Policy default on all.all@lab-netra Failed to Load Security Policy: Invalid argument <-------------- !! Installing Security Policy on localhost(localhost) failed |
If you truss the policy load, you receive the following:
truss -o /tmp/truss -f -vall -rall -wall /etc/fw/bin/fw /etc/fw/conf/default.W |
The following is near the end of the truss:
1226: open("/dev/fw0", O_RDWR|O_NONBLOCK) = 7 1226: ioctl(7, 0xC0C07A18, 0xEFFFBCA0) Err#22 EINVAL |
This problem is caused by someone "plumbing" or configuring a new Ethernet interface after Firewall-1 has already started (that is, plumbing an interface by hand after the system has been booted).