From owner-freebsd-ipfw@freebsd.org  Tue Feb 13 11:15:22 2018
Return-Path: <owner-freebsd-ipfw@freebsd.org>
Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D033EF172FA
 for <freebsd-ipfw@mailman.ysv.freebsd.org>;
 Tue, 13 Feb 2018 11:15:22 +0000 (UTC)
 (envelope-from damian@damianek.be)
Received: from mail-io0-x229.google.com (mail-io0-x229.google.com
 [IPv6:2607:f8b0:4001:c06::229])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 703C6725FC
 for <freebsd-ipfw@freebsd.org>; Tue, 13 Feb 2018 11:15:22 +0000 (UTC)
 (envelope-from damian@damianek.be)
Received: by mail-io0-x229.google.com with SMTP id z6so20826407iob.11
 for <freebsd-ipfw@freebsd.org>; Tue, 13 Feb 2018 03:15:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=damianek-be.20150623.gappssmtp.com; s=20150623;
 h=mime-version:from:date:message-id:subject:to;
 bh=wgPa0tg0TkkHtynurGZaC8dTRgybBC+4Y5rk7yQdDBE=;
 b=ZlQVxHQcZpWHAbmFLe32r9hoHf+7Mgv0taGvnUBrDZz9t6nrKT0nNYXzt+JcvhWn06
 ni4lslxJkGHl3I/Fil/K5Otyj/TVW8Y0c2RqPMgWibnkJ/B9EGK4ZHmmuIzGXv+MI1JJ
 4HBax22VRHu58B7ytviyDF1qeEzWBJU5P/1niCEQggQj5F7m3RDQi+PB8OAsRwIjbW/d
 0y6zXBQjICY7ql966ZURirU5/GQg1BYCkK0sM+PlwRy1ZFnm4kTLEJABPglG12tSU0hO
 EIJ/rAFkU7Mdl4eISnkG7YVSGcUQ5ruPHhOfdHtIEClv35kvmI5Yagj+pYZYMC0Odht7
 h2CA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=wgPa0tg0TkkHtynurGZaC8dTRgybBC+4Y5rk7yQdDBE=;
 b=pHekT0qpmonCrsYE4a7CvP+acN3U3TzBZzovHX5FK9LI1OT78aLS+M+EiZR9ocBgIa
 /MC7ngrMgJImiIs7jy6RrxNHBGdMnhlq5KjkWXs4XpEBudFBYzNuIfEO1vU9fsOx3mW+
 Yh+/JOPhKMMkBp4BJ1yIVWv0N6b1Qt45vDhgiHqovOTPntfkjsNyA/c3EVwKJG7BgFt5
 dA0um1plF8t66UuEc4sk1H7uKl1dsaf6z2HUU7c1Ji1XA41FwFhybF1PY6RSfRdVyy5O
 yUyEzPeQecgHg17z1LrgHbRmpJre/0lEE2OkyLYb5ESJ/59utS6rixt2UIA+jg0fL31D
 dSPQ==
X-Gm-Message-State: APf1xPAGTK6hdKNVer/+AaFM6qz23ICbf8/K/eqfA/U0zVgINyOY6psZ
 jc6chawtluqfNlS9xcN2vGwkdRsbTxmSxRF0Lwmvvp8T
X-Google-Smtp-Source: AH8x225MQ993lPuJcFkNOxR4y84XPapPIDve6lUq2rpku2owrNQCDJveuyCiSeiITKhO6vnMJf8wIGnKzxI57HLA0WQ=
X-Received: by 10.107.79.25 with SMTP id d25mr841606iob.270.1518520521434;
 Tue, 13 Feb 2018 03:15:21 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.198.137 with HTTP; Tue, 13 Feb 2018 03:14:41 -0800 (PST)
From: "damian@damianek.be" <damian@damianek.be>
Date: Tue, 13 Feb 2018 12:14:41 +0100
Message-ID: <CA+6J3vf6JS3d43p8DyPuydc0ahyDvN9dDojJgJQ3ZQhZ7oqWDQ@mail.gmail.com>
Subject: FreeBSD11 ipfw sets.
To: freebsd-ipfw@freebsd.org
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.25
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw/>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Feb 2018 11:15:23 -0000

Hello

I have strange behavior using ipfw set's on FreeBSD11.

Working fine on 10.3-STABLE amd64 amd64 1003514 - customkernel with
options IPFIREWALL_VERBOSE
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL

:~# ipfw add 9999 count tcp from any to any 22
09999 count tcp from any to any dst-port 22
:~# ipfw show 9999
09999          42           3184 count tcp from any to any dst-port 22
:~# ipfw set move rule 9999 to 2
:~# ipfw -S set 2 show
# DISABLED 09999 93 7036 set 2 count tcp from any to any dst-port 22
:~# ipfw set 2 delete 9999


Now same on 11.1-RELEASE-p4 amd64 amd64 1101001 - generic kernel
with ipfw_load="YES" in /boot/loader.conf

:~ # ipfw add 9999 count tcp from any to any 22
09999 count tcp from any to any dst-port 22
:~ # ipfw show 9999
09999     19      1720 count tcp from any to any dst-port 22
:~ # ipfw set move rule 9999 to 2
:~ # ipfw -S set 2 show
:~ # ipfw set 2 delete 9999
ipfw: rule 9999 not found
~ # ipfw delete 9999

I'm doing some wrong, or bug?



-- dsk
damian@damianek.be