I've been able to verify the problems with the DNS forwarder in
pb24r584 on another system with a different filter rule configuration
(it didn't show up on mine). It's related to the fact that ipfilter
3.4.33pre2, which was imported in pb24, does not continue adding rules
if a duplicate rule is found - it simply aborts. That duplicate was
present whenever at least one optional interface was activated. Fixing
that problem (the duplicate rule) alone isn't the complete solution,
though, as there's nothing to prevent the user from adding a duplicate
rule via the webGUI, thus causing ipf to abort the rule adding process
at the first dupe - very bad! Also, it's difficult for the webGUI to
verify if duplicate rules are present (e.g. with rules that use aliases
- the alias could resolve to a non-conflicting address when the rule is
added, but later be changed and create a duplicate rule).

I'll revert to ipfilter 3.4.31 and release a working version
(pb24r585) as soon as possible. Meanwhile, pb24r584 has been removed
and everybody who already runs pb24r584 is STRONGLY URGED TO UPGRADE
because some other rules are missing due to this bug as well.

Sorry, folks. Looks like I'll have to patch ipfilter in the future to
just skip duplicate rules instead of breaking down.
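
The failure mode described in this message, as an added example that is not code from the original post or the project: rules are expanded with the current alias values at ruleset-generation time, then duplicates are skipped instead of ending the load. The alias names, interface, addresses and rule lines are constructed sample data, and `load_abort_on_dupe` is only a model of the behaviour the post describes.

```python
import re

# Constructed sample data (not from the post): two aliases that were distinct
# when the rules were created but were later edited to the same address.
ALIASES = {"websrv": "192.168.1.10", "mailsrv": "192.168.1.10"}
RULES = [
    "pass in quick on fxp0 proto tcp from any to $websrv port = 80 keep state",
    "pass in quick on fxp0 proto tcp from any to $mailsrv  port = 80 keep state",
    "pass in quick on fxp0 proto udp from any to 192.168.1.1 port = 53 keep state",
    "block in log quick on fxp0 all",
]

def expand(rule, aliases):
    """Resolve $alias tokens to current addresses and collapse whitespace."""
    resolved = re.sub(r"\$(\w+)", lambda m: aliases[m.group(1)], rule)
    return " ".join(resolved.split())

def load_abort_on_dupe(rules):
    """Model of the loader behaviour described in the post: stop at first dupe."""
    loaded = []
    for rule in rules:
        if rule in loaded:
            break
        loaded.append(rule)
    return loaded

def dedupe(rules):
    """Keep the first occurrence of each rule; order is preserved because
    ipf evaluates rules in sequence."""
    kept, dropped = [], []
    for rule in rules:
        (dropped if rule in kept else kept).append(rule)
    return kept, dropped

def build_ruleset(rules, aliases):
    """Expand aliases first, then deduplicate, so late alias edits are caught."""
    return dedupe([expand(r, aliases) for r in rules])

if __name__ == "__main__":
    expanded = [expand(r, ALIASES) for r in RULES]
    print("abort-on-dupe loads:", len(load_abort_on_dupe(expanded)), "of", len(expanded))
    kept, dropped = build_ruleset(RULES, ALIASES)
    print("deduplicated ruleset:", *kept, sep="\n  ")
    print("skipped:", dropped)
```

With the abort behaviour, the port 53 pass rule and the final block rule never load, which is why deduplication has to happen after alias resolution rather than when a rule is entered.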