From owner-freebsd-ipfw@freebsd.org Sun Dec 24 01:56:00 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 224555] [ipfw] Command 'ipfw set move rule X to Y' not functioning
Date: Sun, 24 Dec 2017 01:56:00 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.1-RELEASE
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org
List-Id: IPFW Technical Discussions

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224555

--- Comment #1 from commit-hook@freebsd.org ---
A commit references this bug:

Author: ae
Date: Sun Dec 24 01:55:12 UTC 2017
New revision: 327140
URL: https://svnweb.freebsd.org/changeset/base/327140

Log:
  Fix rule number truncation, use uint16_t type to specify rulenum.

  PR: 224555
  MFC after: 1 week

Changes:
  head/sbin/ipfw/ipfw2.c

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-ipfw@freebsd.org Sun Dec 24 01:56:10 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 224555] [ipfw] Command 'ipfw set move rule X to Y' not functioning
Date: Sun, 24 Dec 2017 01:56:10 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.1-RELEASE
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: ae@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: ae@FreeBSD.org
X-Bugzilla-Changed-Fields: cc assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224555

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ae@FreeBSD.org
           Assignee|freebsd-ipfw@FreeBSD.org    |ae@FreeBSD.org

From owner-freebsd-ipfw@freebsd.org Fri Dec 29 09:21:36 2017
From: 方坤
Date: Fri, 29 Dec 2017 17:21:34 +0800
Subject: ipfw rules for modern FreeBSD?
To: freebsd-ipfw@freebsd.org

Dear ipfw maintainer,

I read the following from
https://www.freebsd.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=freebsd-release-ports#end .

> The rule body has the following format:
>
>       [*proto* *from* *src* *to* *dst*] [*options*]
>
> The first part (proto from src to dst) is for backward compatibility with
> earlier versions of FreeBSD.  In modern FreeBSD any match pattern
> (including MAC headers, IP protocols, addresses and ports) can be
> specified in the *options* section.

And, my firewall_script as follows:

#!/bin/sh

fwcmd="/sbin/ipfw -q"

${fwcmd} -f flush

${fwcmd} add allow proto tcp src-ip me setup keep-state :default

${fwcmd} add allow proto udp src-ip me keep-state :default

And, I found these rules are not protecting my FreeBSD box.

Question: How can I write ipfw rules for modern FreeBSD only?

From owner-freebsd-ipfw@freebsd.org Fri Dec 29 12:42:36 2017
Date: Fri, 29 Dec 2017 04:20:17 -0800
From: David Wolfskill
To: 方坤
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw rules for modern FreeBSD?
Message-ID: <20171229122017.GO1555@albert.catwhisker.org>

On Fri, Dec 29, 2017 at 05:21:34PM +0800, 方坤 wrote:
> Dear ipfw maintainer,
>
> I read the following from
> https://www.freebsd.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=freebsd-release-ports#end
> ....
> And, my firewall_script as follows:
>
> #!/bin/sh
>
> fwcmd="/sbin/ipfw -q"
>
> ${fwcmd} -f flush
>
> ${fwcmd} add allow proto tcp src-ip me setup keep-state :default
>
> ${fwcmd} add allow proto udp src-ip me keep-state :default
>
>
>
> And, I found these rules are not protecting my FreeBSD box.
>
> Question: How can I write ipfw rules for modern FreeBSD only?
> .....

First, you need to determine what "protecting my FreeBSD box" means for
your situation.  Please note that whatever you determine at first, the
result is likely to evolve over time.

You will almost certainly benefit from a study of /etc/rc.firewall --
possibly to help you understand what kinds of "protection" ipfw can
provide (and how to implement them) -- but also to help you clarify your
own "protection" requirements.

Peace,
david
-- 
David H. Wolfskill                              david@catwhisker.org
If Trump is "taking names" re: the UN Jerusalem vote, he can add mine.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.

From owner-freebsd-ipfw@freebsd.org Fri Dec 29 19:06:43 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 167822] [ipfw] [patch] start script doesn't load firewall_type if set in rc.conf.d/ipfw
Date: Fri, 29 Dec 2017 19:06:41 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: conf
X-Bugzilla-Version: 8.2-RELEASE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: dsx@bsdsx.fr
X-Bugzilla-Status: In Progress
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: cc

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=167822

Freddy DISSAUX changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dsx@bsdsx.fr

--- Comment #3 from Freddy DISSAUX ---
If ipfw is configured like this:

/etc/rc.conf.d/ipfw/_networks
firewall_ipv4="172.16.200.0/24 172.17.200.0/24 172.16.10.0/24 172.17.10.0/24"
firewall_ipv6="2a01:db8:cafe:f660::/64 2a01:db8:cafe:f666::/64"

/etc/rc.conf.d/ipfw/ipfw
firewall_enable="YES"
firewall_type="workstation"
firewall_myservices="ssh/tcp"
firewall_allowservices="$firewall_ipv4 $firewall_ipv6"
firewall_coscripts="/etc/rc.conf.d/ipfw_local"

/etc/rc.conf.d/ipfw/log
firewall_quiet="NO"
firewall_logging="YES"
firewall_logif="YES"
firewall_logdeny="YES"

the firewall_type variable will still be set to UNKNOWN

If I understand:

/etc/rc.d/ipfw start
- source /etc/rc.subr
- call load_rc_config ipfw (firewall_* are available)
- $firewall_script is set to /etc/rc.firewall (default)
- call /bin/sh /etc/rc.firewall

/etc/rc.firewall
- test if source_rc_confs_defined (always false)
- source /etc/rc.defaults/rc.conf => firewall_type set to 'UNKNOWN'
- source rc.subr (but not call load_rc_config !!!)
- test firewall_type (UNKNOWN) => fail

With attached patch, ipfw is configured as expected:
$ sudo ipfw list | grep 22$
02500 allow tcp from 172.16.200.0/24 to me dst-port 22
02600 allow tcp from 172.17.200.0/24 to me dst-port 22
02700 allow tcp from 172.16.10.0/24 to me dst-port 22
02800 allow tcp from 172.17.10.0/24 to me dst-port 22
02900 allow tcp from 2a01:db8:cafe:f660::/64 to me dst-port 22
03000 allow tcp from 2a01:db8:cafe:f666::/64 to me dst-port 22

With pirzyk's patch I can force firewall_type (using my configuration):
$ sudo ipfw list | wc -l
40
$ sudo service ipfw stop
$ sudo service ipfw start open
$ sudo ipfw list | wc -l
12
$ sudo service ipfw stop
$ sudo service ipfw start
$ sudo ipfw list | wc -l
40

dsx@vaio>uname -a
FreeBSD vaio.bsdsx.fr 11.1-RELEASE FreeBSD 11.1-RELEASE #0 r321309: Fri Jul 21 02:08:28 UTC 2017 root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
dsx@vaio>freebsd-version
11.1-RELEASE-p6

From owner-freebsd-ipfw@freebsd.org Fri Dec 29 19:07:40 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject:
 [Bug 167822] [ipfw] [patch] start script doesn't load firewall_type if set in rc.conf.d/ipfw
Date: Fri, 29 Dec 2017 19:07:40 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: conf
X-Bugzilla-Version: 8.2-RELEASE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: dsx@bsdsx.fr
X-Bugzilla-Status: In Progress
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: attachments.created

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=167822

--- Comment #4 from Freddy DISSAUX ---
Created attachment 189205
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=189205&action=edit
patch /etc/rc.firewall

From owner-freebsd-ipfw@freebsd.org Sat Dec 30 15:25:26 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 224730] ipfw dyn_keepalive sends a strange packet
Date: Sat, 30 Dec 2017 15:25:26 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.3-RELEASE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224730

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-ipfw@FreeBSD.org
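
The start-up sequence described in comment #3 on Bug 167822 above, modelled as an added example (not code from the bug report, its attachment, or FreeBSD): a start script loads the per-service settings, then runs the rule script as a separate /bin/sh that begins again from the defaults, so the rule script never sees the configured firewall_type. The temporary directory, the rc.firewall.sim file, the "reload" switch and the function names are hypothetical; "reload" stands in for a rule script that repeats the per-service load, and the actual patch is not shown on this page.

```shell
#!/bin/sh
# Added illustration: models the start-up sequence from comment #3 inside a
# temporary directory. File names mirror the comment; contents are constructed.

setup_sandbox() {
    SANDBOX=$(mktemp -d) || return 1
    mkdir -p "$SANDBOX/defaults" "$SANDBOX/rc.conf.d/ipfw"
    # Stand-in for the system defaults file: the type starts out as UNKNOWN.
    echo 'firewall_type="UNKNOWN"' > "$SANDBOX/defaults/rc.conf"
    # Stand-in for /etc/rc.conf.d/ipfw/ipfw from the comment.
    echo 'firewall_type="workstation"' > "$SANDBOX/rc.conf.d/ipfw/ipfw"
    # Stand-in for /etc/rc.firewall: it runs in its own /bin/sh and starts
    # again from the defaults. "reload" is a hypothetical switch modelling a
    # rule script that repeats the per-service load.
    cat > "$SANDBOX/rc.firewall.sim" <<'EOF'
. "$ETC/defaults/rc.conf"
if [ "${1:-}" = "reload" ]; then
    for f in "$ETC"/rc.conf.d/ipfw/*; do . "$f"; done
fi
echo "$firewall_type"
EOF
}

# Stand-in for "/etc/rc.d/ipfw start": load the per-service config, then hand
# over to the rule script as a child process. $1 is passed through unchanged
# (empty, or "reload").
start_ipfw() {
    (
        . "$SANDBOX/defaults/rc.conf"
        for f in "$SANDBOX"/rc.conf.d/ipfw/*; do . "$f"; done
        parent_type=$firewall_type
        # The sourced variables are not exported, and the child re-reads the
        # defaults anyway, so the parent's value does not carry over.
        child_type=$(ETC="$SANDBOX" /bin/sh "$SANDBOX/rc.firewall.sim" $1)
        echo "parent=$parent_type child=$child_type"
    )
}

# Post-start check: succeeds only when the rule script saw the same
# firewall_type that the start script loaded.
verify_start() {
    out=$(start_ipfw "$1")
    parent=${out#parent=}; parent=${parent%% *}
    child=${out##*child=}
    [ "$parent" = "$child" ]
}

setup_sandbox
start_ipfw
start_ipfw reload
verify_start || echo "rule script ignored rc.conf.d/ipfw"
rm -rf "$SANDBOX"
```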