From owner-freebsd-ipfw@FreeBSD.ORG Sun Apr 27 05:23:28 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7BAA0106564A; Sun, 27 Apr 2008 05:23:28 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 5335C8FC1A; Sun, 27 Apr 2008 05:23:28 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3R5NSUo072038; Sun, 27 Apr 2008 05:23:28 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3R5NSUu072034; Sun, 27 Apr 2008 05:23:28 GMT (envelope-from linimon) Date: Sun, 27 Apr 2008 05:23:28 GMT Message-Id: <200804270523.m3R5NSUu072034@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: conf/123119: [patch] rc script for ipfw does not handle IPv6 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Apr 2008 05:23:28 -0000 Old Synopsis: rc script for ipfw does not handle IPv6 New Synopsis: [patch] rc script for ipfw does not handle IPv6 Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Sun Apr 27 05:22:38 UTC 2008 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=123119 From owner-freebsd-ipfw@FreeBSD.ORG Sun Apr 27 11:37:52 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C2C211065676; Sun, 27 Apr 2008 11:37:52 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 969B48FC1F; Sun, 27 Apr 2008 11:37:52 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (gavin@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3RBbqYf019628; Sun, 27 Apr 2008 11:37:52 GMT (envelope-from gavin@freefall.freebsd.org) Received: (from gavin@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3RBbqBV019624; Sun, 27 Apr 2008 11:37:52 GMT (envelope-from gavin) Date: Sun, 27 Apr 2008 11:37:52 GMT Message-Id: <200804271137.m3RBbqBV019624@freefall.freebsd.org> To: freebsd-rc@FreeBSD.org, oberman@es.net, gavin@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: gavin@FreeBSD.org Cc: Subject: Re: conf/123119: [patch] rc script for ipfw does not handle IPv6 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Apr 2008 11:37:52 -0000 Synopsis: [patch] rc script for ipfw does not handle IPv6 State-Changed-From-To: open->feedback State-Changed-By: gavin State-Changed-When: Sun Apr 27 11:35:43 UTC 2008 State-Changed-Why: To submitter: as far as I can tell, starting and stopping the IPv6 firewall is correctly handled in /etc/rc.d/ip6fw. Is there a reason why you believe this is broken? http://www.freebsd.org/cgi/query-pr.cgi?pr=123119 From owner-freebsd-ipfw@FreeBSD.ORG Sun Apr 27 21:40:21 2008 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 36B72106566C for ; Sun, 27 Apr 2008 21:40:21 +0000 (UTC) (envelope-from SRS0=480fc8d3dfad2223885008caa09511eec116b709=684=es.net=oberman@es.net) Received: from postal1.es.net (postal3.es.net [IPv6:2001:400:14:3::8]) by mx1.freebsd.org (Postfix) with ESMTP id D5F588FC14 for ; Sun, 27 Apr 2008 21:40:20 +0000 (UTC) (envelope-from SRS0=480fc8d3dfad2223885008caa09511eec116b709=684=es.net=oberman@es.net) Received: from ptavv.es.net (ptavv.es.net [198.128.4.29]) by postal3.es.net (Postal Node 3) with ESMTP (SSL) id HZP82602; Sun, 27 Apr 2008 14:40:02 -0700 Received: from ptavv.es.net (ptavv.es.net [127.0.0.1]) by ptavv.es.net (Tachyon Server) with ESMTP id 9F4CA45010; Sun, 27 Apr 2008 14:40:02 -0700 (PDT) To: gavin@FreeBSD.org In-Reply-To: Your message of "Sun, 27 Apr 2008 11:37:52 GMT." <200804271137.m3RBbqBV019624@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1209332402_73640P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Sun, 27 Apr 2008 14:40:02 -0700 From: "Kevin Oberman" Message-Id: <20080427214002.9F4CA45010@ptavv.es.net> X-Sender-IP: 198.128.4.29 X-Sender-Domain: es.net X-Recipent: ; ; ; X-Sender: X-To_Name: X-To_Domain: freebsd.org X-To: gavin@FreeBSD.org X-To_Email: gavin@FreeBSD.org X-To_Alias: gavin Cc: freebsd-ipfw@FreeBSD.org, freebsd-rc@FreeBSD.org Subject: Re: conf/123119: [patch] rc script for ipfw does not handle IPv6 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Apr 2008 21:40:21 -0000 --==_Exmh_1209332402_73640P Content-Type: text/plain; charset=us-ascii Content-Disposition: inline > Date: Sun, 27 Apr 2008 11:37:52 GMT > From: gavin@FreeBSD.org > > Synopsis: [patch] rc script for ipfw does not handle IPv6 > > State-Changed-From-To: open->feedback > State-Changed-By: gavin > State-Changed-When: Sun Apr 27 11:35:43 UTC 2008 > State-Changed-Why: > To submitter: as far as I can tell, starting and stopping the IPv6 > firewall is correctly handled in /etc/rc.d/ip6fw. Is there a reason > why you believe this is broken? > > http://www.freebsd.org/cgi/query-pr.cgi?pr=123119 ip6fw was added to the system back with V5.0 days (not fun days for FreeBSD) when ipfw was two separate modules, one for IPv4 and another for IPv6. makonnen wrote the required script for the IPv6 module back in 2002 and it has lived on with mostly small fixes to deal with changes in the startup scripts. Back in 2006, ipfw was re-worked to make it dual stack and it now is a single module with a single management CLI, ipfw(8) and rules for IPv4 and IPv6 can all be included in a single configuration file. It really makes no sense to have two very similar startup scripts, one with a fairly non-intuitive name, for a single function. It continues the approach that IPv6 is to be treated as something separate and not an integrated part of the OS and I see no real purpose served by the separation. Now that I have looked at ip6fw, I can see that the fix I recommended is not adequate, although it will prevent the problem I ran into when I thought I was stopping all of ipfw, only to find that I was still blocked from the system (except via the console). In my spare time (translate that to "it may take a while"), I'll look at a merge of the two rc scripts so that those with separate configuration files won't find things broken. (I suspect that there are not too many of those, but their firewalls really need to be preserved.) It looks simple on the surface, but I suspect there are a few corner cases that might be a bit tricky. I may even be able to come up with a solution to NDP (the IPv6 replacement for ARP) being blocked if the system is booted with the normal "block by default" configuration. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 --==_Exmh_1209332402_73640P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.8 (FreeBSD) Comment: Exmh version 2.5 06/03/2002 iD8DBQFIFPKykn3rs5h7N1ERAhEyAJ49cHZzpREJuVpZZaWFPi+wPXeRdwCfZ8xF 4tKp7GL6KKu9rlTnZNiSlgg= =8Fba -----END PGP SIGNATURE----- --==_Exmh_1209332402_73640P-- From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 28 11:07:03 2008 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6DEE11065680 for ; Mon, 28 Apr 2008 11:07:03 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 635128FC1A for ; Mon, 28 Apr 2008 11:07:03 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3SB73e1056149 for ; Mon, 28 Apr 2008 11:07:03 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3SB72rW056145 for freebsd-ipfw@FreeBSD.org; Mon, 28 Apr 2008 11:07:02 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 28 Apr 2008 11:07:02 GMT Message-Id: <200804281107.m3SB72rW056145@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Apr 2008 11:07:03 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/95084 ipfw [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/106534 ipfw [ipfw] [panic] ipfw + dummynet o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem f conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 16 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o bin/78785 ipfw [ipfw] [patch] ipfw verbosity locks machine if /etc/rc s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/111713 ipfw [dummynet] [request] Too few dummynet queue slots o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets p kern/113388 ipfw [ipfw][patch] Addition actions with rules within speci o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form p kern/115755 ipfw [ipfw][patch] unify message and add a rule number wher o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip 30 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 28 12:13:28 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 110DD1065672; Mon, 28 Apr 2008 12:13:28 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 085AB8FC13; Mon, 28 Apr 2008 12:13:28 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (gavin@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3SCDRPe066592; Mon, 28 Apr 2008 12:13:27 GMT (envelope-from gavin@freefall.freebsd.org) Received: (from gavin@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3SCDR2o066588; Mon, 28 Apr 2008 12:13:27 GMT (envelope-from gavin) Date: Mon, 28 Apr 2008 12:13:27 GMT Message-Id: <200804281213.m3SCDR2o066588@freefall.freebsd.org> To: freebsd-rc@FreeBSD.org, oberman@es.net, gavin@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: gavin@FreeBSD.org Cc: Subject: Re: conf/123119: [patch] rc script for ipfw does not handle IPv6 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Apr 2008 12:13:28 -0000 Synopsis: [patch] rc script for ipfw does not handle IPv6 State-Changed-From-To: feedback->open State-Changed-By: gavin State-Changed-When: Mon Apr 28 12:11:36 UTC 2008 State-Changed-Why: Response received from submitter: -------- Forwarded Message -------- From: Kevin Oberman Cc: freebsd-rc@FreeBSD.org, freebsd-ipfw@FreeBSD.org Date: Sun, 27 Apr 2008 14:40:02 -0700 > To submitter: as far as I can tell, starting and stopping the IPv6 > firewall is correctly handled in /etc/rc.d/ip6fw. Is there a reason > why you believe this is broken? ip6fw was added to the system back with V5.0 days (not fun days for FreeBSD) when ipfw was two separate modules, one for IPv4 and another for IPv6. makonnen wrote the required script for the IPv6 module back in 2002 and it has lived on with mostly small fixes to deal with changes in the startup scripts. Back in 2006, ipfw was re-worked to make it dual stack and it now is a single module with a single management CLI, ipfw(8) and rules for IPv4 and IPv6 can all be included in a single configuration file. It really makes no sense to have two very similar startup scripts, one with a fairly non-intuitive name, for a single function. It continues the approach that IPv6 is to be treated as something separate and not an integrated part of the OS and I see no real purpose served by the separation. Now that I have looked at ip6fw, I can see that the fix I recommended is not adequate, although it will prevent the problem I ran into when I thought I was stopping all of ipfw, only to find that I was still blocked from the system (except via the console). In my spare time (translate that to "it may take a while"), I'll look at a merge of the two rc scripts so that those with separate configuration files won't find things broken. (I suspect that there are not too many of those, but their firewalls really need to be preserved.) It looks simple on the surface, but I suspect there are a few corner cases that might be a bit tricky. I may even be able to come up with a solution to NDP (the IPv6 http://www.freebsd.org/cgi/query-pr.cgi?pr=123119 From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 28 19:11:13 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 23381106566B; Mon, 28 Apr 2008 19:11:13 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id F3E318FC17; Mon, 28 Apr 2008 19:11:12 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (gavin@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3SJBCW5098855; Mon, 28 Apr 2008 19:11:12 GMT (envelope-from gavin@freefall.freebsd.org) Received: (from gavin@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3SJBCvu098851; Mon, 28 Apr 2008 19:11:12 GMT (envelope-from gavin) Date: Mon, 28 Apr 2008 19:11:12 GMT Message-Id: <200804281911.m3SJBCvu098851@freefall.freebsd.org> To: gavin@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: gavin@FreeBSD.org Cc: Subject: Re: kern/123174: [ipfw] table add value lists as ip/uint16 instead of uint32. X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Apr 2008 19:11:13 -0000 Old Synopsis: ipfw table add value lists as ip/uint16 instead of uint32. New Synopsis: [ipfw] table add value lists as ip/uint16 instead of uint32. Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: gavin Responsible-Changed-When: Mon Apr 28 19:10:46 UTC 2008 Responsible-Changed-Why: Over to maintainers http://www.freebsd.org/cgi/query-pr.cgi?pr=123174 From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 28 19:17:48 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 25A131065670; Mon, 28 Apr 2008 19:17:48 +0000 (UTC) (envelope-from julian@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id BBAB38FC1A; Mon, 28 Apr 2008 19:17:47 +0000 (UTC) (envelope-from julian@FreeBSD.org) Received: from freefall.freebsd.org (julian@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3SJHlFd000534; Mon, 28 Apr 2008 19:17:47 GMT (envelope-from julian@freefall.freebsd.org) Received: (from julian@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3SJHlU9000529; Mon, 28 Apr 2008 12:17:47 -0700 (PDT) (envelope-from julian) Date: Mon, 28 Apr 2008 12:17:47 -0700 (PDT) Message-Id: <200804281917.m3SJHlU9000529@freefall.freebsd.org> To: bryan@xzibition.com, julian@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: julian@FreeBSD.org Cc: Subject: Re: kern/123174: [ipfw] table add value lists as ip/uint16 instead of uint32. X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Apr 2008 19:17:48 -0000 Synopsis: [ipfw] table add value lists as ip/uint16 instead of uint32. State-Changed-From-To: open->closed State-Changed-By: julian State-Changed-When: Mon Apr 28 12:15:05 PDT 2008 State-Changed-Why: fixed in all affected branches post release. dupplicate of another bug (also closed) (I forget the number) the change came as part of the change allowing: ipfw table 1 add 1.2.3.4 5.6.7.8 ipfw add 100 fwd tablearg ip from table(1) to any http://www.freebsd.org/cgi/query-pr.cgi?pr=123174 From owner-freebsd-ipfw@FreeBSD.ORG Tue Apr 29 04:15:31 2008 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6BAE31065672 for ; Tue, 29 Apr 2008 04:15:31 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from smtp9.yandex.ru (smtp9.yandex.ru [213.180.223.91]) by mx1.freebsd.org (Postfix) with ESMTP id 737078FC0C for ; Tue, 29 Apr 2008 04:15:30 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from ns.kirov.so-cdu.ru ([77.72.136.145]:34764 "EHLO [127.0.0.1]" smtp-auth: "bu7cher" TLS-CIPHER: "DHE-RSA-AES256-SHA keybits 256/256 version TLSv1/SSLv3" TLS-PEER-CN1: ) by mail.yandex.ru with ESMTP id S6571295AbYD2EPZ (ORCPT + 1 other); Tue, 29 Apr 2008 08:15:25 +0400 X-Yandex-Spam: 1 X-Yandex-Front: smtp9 X-Yandex-TimeMark: 1209442525 X-MsgDayCount: 2 X-Comment: RFC 2476 MSA function at smtp9.yandex.ru logged sender identity as: bu7cher Message-ID: <4816A0DB.6060801@yandex.ru> Date: Tue, 29 Apr 2008 08:15:23 +0400 From: "Andrey V. Elsukov" User-Agent: Mozilla Thunderbird 1.5 (FreeBSD/20051231) MIME-Version: 1.0 To: julian@FreeBSD.org References: <200804281917.m3SJHlU9000529@freefall.freebsd.org> In-Reply-To: <200804281917.m3SJHlU9000529@freefall.freebsd.org> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@FreeBSD.org Subject: Re: kern/123174: [ipfw] table add value lists as ip/uint16 instead of uint32. X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Apr 2008 04:15:31 -0000 julian@FreeBSD.org wrote: > the change came as part of the change allowing: > ipfw table 1 add 1.2.3.4 5.6.7.8 > ipfw add 100 fwd tablearg ip from table(1) to any Hi, Julian. When I looked this PR I found another bug. There are several issues with `ipfw -n `. For example: # ipfw -n table 1 list # ifpw -n nat 1 show and probably others command which didn't use `test_only` flag. -- WBR, Andrey V. Elsukov