From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Date: Mon, 1 Oct 2012 11:07:19 GMT
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/169206  ipfw       [ipfw] ipfw does not flush entries in table
o conf/167822  ipfw       [ipfw] [patch] start script doesn't load firewall_type
o kern/166406  ipfw       [ipfw] ipfw does not set ALTQ identifier for ipv6 traf
o kern/165939  ipfw       [ipw] bug: incomplete firewall rules loaded if tables
o kern/165190  ipfw       [ipfw] [lo] [patch] loopback interface is not marking
f kern/163873  ipfw       [ipfw] ipfw fwd does not work with 'via interface' in
o kern/158066  ipfw       [ipfw] ipfw + netgraph + multicast = multicast packets
o kern/157796  ipfw       [ipfw] IPFW in-kernel NAT nat loopback / Default Route
o kern/157689  ipfw       [ipfw] ipfw nat config does not accept nonexistent int
f kern/155927  ipfw       [ipfw] ipfw stops to check packets for compliance with
o bin/153252   ipfw       [ipfw][patch] ipfw lockdown system in subsequent call
o kern/153161  ipfw       [ipfw] does not support specifying rules with ICMP cod
o kern/152113  ipfw       [ipfw] page fault on 8.1-RELEASE caused by certain amo
o kern/148827  ipfw       [ipfw] divert broken with in-kernel ipfw
o kern/148689  ipfw       [ipfw] antispoof wrongly triggers on link local IPv6 a
o kern/148430  ipfw       [ipfw] IPFW schedule delete broken.
o kern/148091  ipfw       [ipfw] ipfw ipv6 handling broken.
o kern/143973  ipfw       [ipfw] [panic] ipfw forward option causes kernel reboo
o kern/143621  ipfw       [ipfw] [dummynet] [patch] dummynet and vnet use result
o kern/137346  ipfw       [ipfw] ipfw nat redirect_proto is broken
o kern/137232  ipfw       [ipfw] parser troubles
o kern/135476  ipfw       [ipfw] IPFW table breaks after adding a large number o
o kern/129036  ipfw       [ipfw] 'ipfw fwd' does not change outgoing interface n
p kern/128260  ipfw       [ipfw] [patch] ipfw_divert damages IPv6 packets
o kern/127230  ipfw       [ipfw] [patch] Feature request to add UID and/or GID l
f kern/122963  ipfw       [ipfw] tcpdump does not show packets redirected by 'ip
s kern/121807  ipfw       [request] TCP and UDP port_table in ipfw
o kern/121122  ipfw       [ipfw] [patch] add support to ToS IP PRECEDENCE fields
o kern/116009  ipfw       [ipfw] [patch] Ignore errors when loading ruleset from
o bin/104921   ipfw       [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o kern/103454  ipfw       [ipfw] [patch] [request] add a facility to modify DF b
o kern/103328  ipfw       [ipfw] [request] sugestions about ipfw table
o kern/102471  ipfw       [ipfw] [patch] add tos and dscp support
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to
o kern/95084   ipfw       [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o bin/83046    ipfw       [ipfw] ipfw2 error: "setup" is allowed for icmp, but s
o kern/82724   ipfw       [ipfw] [patch] [request] Add setnexthop and defaultrou
o bin/78785    ipfw       [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
o bin/65961    ipfw       [ipfw] ipfw2 memory corruption inside add()
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
s kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o kern/46159   ipfw       [ipfw] [patch] [request] ipfw dynamic rules lifetime f
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau

46 problems total.


From: Michael Sierchio
To: freebsd-ipfw@freebsd.org
Date: Wed, 3 Oct 2012 09:51:50 -0700
Subject: logging tablearg ??

Julian Elischer (and possibly others) - on 8.3-RELEASE-p4...

I have a table with ca.
84,000 networks, and the table arg is a classifier based on criteria the
firewall ruleset doesn't care about - but I really would like to log the data.

I've discovered that logging the lookup command doesn't log the table arg,
just the src-ip

    ipfw add 500 skipto 65000 log logamount 0 lookup src-ip 1

log entry looks like:

    Oct 3 16:41:49 fedallah kernel: ipfw: 500 SkipTo 65000 TCP 69.109.215.188:53297 10.160.78.12:3222 in via xn0

Of course I don't have any reason to expect this to work, since it's an
aspirational use of the mechanism. But I think it might be powerful and
useful for folks who actually use firewall logs in support of IDS/IPS etc.

- M
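
Added example, not part of the original post or of ipfw itself: since the log line above carries only the source address, the table value can be attached afterwards by replaying the table dump against the log with a longest-prefix match. It assumes an IPv4-only table dumped as "network/prefix value" lines (the format taken here for `ipfw table 1 list` output); the table contents, the second log line and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed table dump, one "network/prefix value" pair per line (assumed format).
TABLE_DUMP = """\
69.109.0.0/16 7
69.109.215.0/24 42
10.0.0.0/8 3
"""

# Constructed log lines in the format quoted in the post.
LOG_LINES = [
    "Oct 3 16:41:49 fedallah kernel: ipfw: 500 SkipTo 65000 TCP "
    "69.109.215.188:53297 10.160.78.12:3222 in via xn0",
    "Oct 3 16:41:50 fedallah kernel: ipfw: 500 SkipTo 65000 TCP "
    "198.51.100.9:40000 10.160.78.12:22 in via xn0",
]

# rule number, action (may contain spaces), protocol, src[:port], dst
LOG_RE = re.compile(
    r"ipfw: (\d+) .+? \S+ (\d+\.\d+\.\d+\.\d+)(?::\d+)? \d+\.\d+\.\d+\.\d+")

def load_table(dump):
    """Index networks by prefix length so a lookup costs at most 33 dict probes."""
    by_len = {}
    for line in dump.splitlines():
        if not line.strip():
            continue
        net_s, value = line.split()
        net = ipaddress.ip_network(net_s, strict=False)
        by_len.setdefault(net.prefixlen, {})[int(net.network_address)] = value
    return by_len

def lookup(by_len, addr):
    """Return the value of the most specific matching network, or None."""
    ip = int(ipaddress.IPv4Address(addr))
    for plen in sorted(by_len, reverse=True):
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        value = by_len[plen].get(ip & mask)
        if value is not None:
            return value
    return None

def enrich(line, by_len):
    """Append tablearg=<value> to an ipfw log line; other lines pass through."""
    m = LOG_RE.search(line)
    if not m:
        return line
    arg = lookup(by_len, m.group(2))
    return f"{line} tablearg={arg if arg is not None else '-'}"

if __name__ == "__main__":
    table = load_table(TABLE_DUMP)
    for entry in LOG_LINES:
        print(enrich(entry, table))
```

The result is only as accurate as the dump: if the table changes between the time a packet is logged and the time the table is listed, the attached value may differ from what the kernel matched.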