From: "Ass.Tec. Matik"
To: freebsd-ipfw@freebsd.org
Date: Sun, 4 Apr 2010 07:45:24 -0300
Subject: workaround for ipfw problem freebsd 8-S after mar-21
In-Reply-To: <20100401125929.GA66321@onelab2.iet.unipi.it>

since this actually also is invalid

    ipfw add 65535 deny proto ip
    ipfw: getsockopt(IP_FW_ADD): Invalid argument

you need to

    ipfw add 65534 deny proto ip
    65534 deny ip from any to any

this is a temp workaround if you have problems with ipfw which actually
inserts these two bad rules at the end, independent of what your rules do:

    00100 12 728 allow ip from any to any via lo0
    00000 0 0 ip from any to any

edit your firewall script and add directly after the flush command,
depending on your default,

if your default setup is to deny:

    ipfw add 65534 deny proto ip

else

    ipfw add 65534 pass proto ip

but before _any_ of your rules

if you do not need this rule you can add at the end of your rules:

    ipfw delete 65534

depending on your ruleset you might get rid of the "ouch" whining (irrelevant)

but important is that your firewall comes up and will work fine as before

João Martins
Eng.Resp.Helpdesk e Suporte
Matik https://suporte.matik.com.br
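
An added example, not part of the original message: a post-load sanity check that a firewall script could run on `ipfw -a list` output to catch the symptom quoted above (a rule numbered 00000) and to confirm the explicit rule 65534 is present. The function name, return codes and both sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check a loaded ipfw ruleset for the symptom in the message.
# Input format is that of `ipfw -a list`:
#   <rule number> <packets> <bytes> <rule body>

# Constructed sample: the broken listing quoted in the message.
BROKEN_SAMPLE='00100 12 728 allow ip from any to any via lo0
00000 0 0 ip from any to any'

# Constructed sample: assumed listing once the workaround rule is in place.
FIXED_SAMPLE='00100 12 728 allow ip from any to any via lo0
65534 0 0 deny ip from any to any'

# check_ruleset (hypothetical helper): reads a listing on stdin.
# Returns 0 = no rule 00000 and rule 65534 present,
#         1 = a rule numbered 00000 is present (valid numbers are 1..65535),
#         2 = no rule 00000, but no explicit rule 65534 either.
check_ruleset() {
    awk '
        # First field is all digits and evaluates to zero: the bogus rule.
        $1 ~ /^[0-9]+$/ && $1 + 0 == 0 { bogus = 1; print "bogus rule: " $0 }
        # The explicit catch-all added by the workaround.
        $1 ~ /^[0-9]+$/ && $1 + 0 == 65534 { catchall = 1 }
        END {
            if (bogus) exit 1
            if (!catchall) { print "no explicit rule 65534"; exit 2 }
            exit 0
        }'
}

# On the firewall host, after the script has loaded its rules:
#   ipfw -a list | check_ruleset || echo "ruleset needs attention"
```
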