This is a discussion on ipf 3.4.32 Crashing Solaris 8 with recommended patches installed within the IPFilter forums, part of the System Security and Security Related category.
Hi

This seems to be happening to other folx on the list as well. Here's what's happening for me... Solaris 5.8 (5/03) with today's recommended patch cluster and J2EE patch cluster from Sun. All network services disabled except for 514 UDP (syslogd) and 22 TCP (sshd). I have built ipfilter using Sun's /usr/ccs/bin/make and GCC version 3.3 from sunfreeware.com. The loadable kernel module loads OK at boot; I'm not sure if the automountd problem is related:

Sep 26 15:05:04 sotp1 ipf: [ID 920137 kern.notice] IP Filter: attach to [ce1,1] - IPv4
Sep 26 15:05:04 sotp1 ipf: [ID 989912 kern.notice] IP Filter: v3.4.32, attaching complete.
Sep 26 15:05:05 sotp1 automountd[142]: [ID 956970 daemon.error] svc_create: cannot register 100099 vers 4 on ticotsord
Sep 26 15:05:05 sotp1 automountd[142]: [ID 668993 daemon.error] unable to create service

Now, with no ruleset loaded the box does not panic. If I load the following ruleset, it will panic after I've done a few nslookups and a ping or two:

block in log quick from any to any with ipopts
block in log quick proto tcp from any to any with short
block in log quick from 192.168.0.0/16 to any
block in log quick from 172.16.0.0/12 to any
block in log quick from 10.0.0.0/8 to any
block in log quick from 0.0.0.0/8 to any
block in log quick from 169.254.0.0/16 to any
block in log quick from 192.0.2.0/24 to any
block in log quick from 204.152.64.0/23 to any
block in log quick from 224.0.0.0/3 to any
pass out quick on ce1 all head 10
block out quick from 127.0.0.0/8 to any group 10
block out quick from any to 127.0.0.0/8 group 10
block out log quick from any to 129.94.112.105/32 group 10
pass out quick proto udp from 129.94.112.105/32 to any port = 53 keep state group 10
block return-rst in quick proto tcp all head 20
block in log quick from 127.0.0.0/8 to any group 20
pass in quick proto tcp from 129.94.0.0/16 to 129.94.112.105/32 port = 22 group 20
block in quick all head 30
block in log quick from 127.0.0.0/8 to any group 30

However, if I remove the line with "keep state" it does not panic. So it seems that the "keep state" is causing the problem. Is this rule written badly? Even if it is written badly, you'd hope that it wouldn't crash the OS! Is there a version that is more stable than this? An older version perhaps? Is anyone running ipfilter on Solaris 8 with recent recommended patches installed?

Thank you
Jesse
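Added example, not from the post or from IPFilter itself: a small Python checker for the kind of ruleset quoted above. It parses each rule into its action, direction, head/group numbers and keep-state flag, reports any rule attached to a group with no head in the same direction (ipf keeps groups per direction, so such a rule can never fire), and lists the stateful rules so they can be pulled one at a time when bisecting a panic. `parse_rule`, `check_ruleset` and the embedded copy of the ruleset are constructed for this example.

```python
# Constructed copy of the ruleset quoted in the post; nothing here emulates the kernel.
RULESET = """\
block in log quick from any to any with ipopts
block in log quick proto tcp from any to any with short
block in log quick from 192.168.0.0/16 to any
block in log quick from 172.16.0.0/12 to any
block in log quick from 10.0.0.0/8 to any
block in log quick from 0.0.0.0/8 to any
block in log quick from 169.254.0.0/16 to any
block in log quick from 192.0.2.0/24 to any
block in log quick from 204.152.64.0/23 to any
block in log quick from 224.0.0.0/3 to any
pass out quick on ce1 all head 10
block out quick from 127.0.0.0/8 to any group 10
block out quick from any to 127.0.0.0/8 group 10
block out log quick from any to 129.94.112.105/32 group 10
pass out quick proto udp from 129.94.112.105/32 to any port = 53 keep state group 10
block return-rst in quick proto tcp all head 20
block in log quick from 127.0.0.0/8 to any group 20
pass in quick proto tcp from 129.94.0.0/16 to 129.94.112.105/32 port = 22 group 20
block in quick all head 30
block in log quick from 127.0.0.0/8 to any group 30
"""


def parse_rule(line):
    """Pull the fields a reviewer needs out of one ipf rule (hypothetical helper)."""
    tok = line.split()
    rule = {"action": tok[0],
            # the direction is the first in/out token; it may follow return-rst etc.
            "dir": next(t for t in tok if t in ("in", "out")),
            "keep_state": "keep state" in line, "head": None, "group": None}
    for key in ("head", "group"):
        if key in tok:
            rule[key] = int(tok[tok.index(key) + 1])
    return rule


def check_ruleset(text):
    """Report heads, dangling groups and stateful rules; rules are numbered from 1."""
    rules = [parse_rule(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]
    # ipf keeps groups per direction, so a head is identified by (direction, number)
    heads = {(r["dir"], r["head"]) for r in rules if r["head"] is not None}
    problems = [f"rule {i}: group {r['group']} has no {r['dir']} head"
                for i, r in enumerate(rules, 1)
                if r["group"] is not None and (r["dir"], r["group"]) not in heads]
    stateful = [i for i, r in enumerate(rules, 1) if r["keep_state"]]
    return {"rules": len(rules), "heads": sorted(heads),
            "problems": problems, "stateful": stateful}
```

Running `check_ruleset(RULESET)` on the quoted ruleset reports no dangling groups and exactly one stateful rule, number 15, which is the line the post says removes the panic.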