Date: Wed, 8 Nov 2023 18:26:18 +1100
From: Mikhail Holt <mikhail.k.holt@gmail.com>
To: freebsd-ipfw@FreeBSD.org
Subject: tag/untag
Message-ID: <654B381A.10705@gmail.com>
In-Reply-To: <1699427174-33039-mlmmj-25c77f68@FreeBSD.org>
References: <1699427174-33039-mlmmj-25c77f68@FreeBSD.org>

Hello List,

On a recent Stable 13 test host I, by accident, found that:

/sbin/ipfw -q add 0031 allow tcp from 192.168.64.0/24 to me dst-port ssh in via igb3 setup keep-state WORKS

/sbin/ipfw -q add 0031 allow log tcp from 192.168.64.0/24 to me dst-port ssh in via igb3 setup keep-state WORKS

/sbin/ipfw -q add 0031 allow log tag 10 tcp from 192.168.64.0/24 to me dst-port ssh in via igb3 setup keep-state WORKS

/sbin/ipfw -q add 0031 allow log untag 10 tcp from 192.168.64.0/24 to me dst-port ssh in via igb3 setup keep-state WORKS

/sbin/ipfw -q add 0031 allow untag 10 tcp from 192.168.64.0/24 to me dst-port ssh in via igb3 setup keep-state DOES NOT WORK?
- A dynamic rule is created as per the rules that work.
- Packets are logged by a deny all rule which of course is never reached by the rules that work.

Not a real issue for me but thought it worth noting.

Mik.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?654B381A.10705>