Date: Sun, 13 Apr 2014 05:53:58 GMT
From: Bill Yuan <bycn82@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/188541: rule option `in` is not working properly in ipfw on FreeBSD10
Message-ID: <201404130553.s3D5rwSC040101@cgiserv.freebsd.org>
Resent-Message-ID: <201404130600.s3D6007F086878@freefall.freebsd.org>

>Number:         188541
>Category:       misc
>Synopsis:       rule option `in` is not working properly in ipfw on FreeBSD10
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 13 06:00:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Bill Yuan
>Release:        FreeBSD10 AMD64
>Organization:
cozilyworks
>Environment:
FreeBSD FB10 10.0-RELEASE FreeBSD 10.0-RELEASE #0: Sun Apr 13 03:14:30 HKT 2014 root@FB10:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
According to the man page, we have this option.

    in|out
        Matches incoming or outgoing packets, respectively. in and out
        are mutually exclusive (in fact, out is implemented as not in).

But the test case below demonstrates that this feature is not working on FreeBSD10.
>How-To-Repeat:
1. Create two rule lines to filter in traffic and all traffic.

    ipfw add count all from any to any MAC any any in via em0
    ipfw add count all from any to any MAC any any via em0

2. Show the counters.

    00100    0      0 count ip from any to any MAC any any in via em0
    00200   26   2232 count ip from any to any MAC any any via em0
    65535 3453 293448 allow ip from any to any
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: