From: HASHI Hiroaki
To: FreeBSD-gnats-submit@FreeBSD.org
Date: Tue, 3 Jul 2012 10:12:30 +0900 (JST)
Message-Id: <201207030112.q631CUY3008767@tomba.meridiani.jp>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Date: Tue, 3 Jul 2012 01:50:09 GMT
X-Send-Pr-Version: 3.113
Subject: kern/169620: ng_l2tp incoming packet bypasses pf firewall

>Number:         169620
>Category:       kern
>Synopsis:       ng_l2tp incoming packet bypasses pf firewall
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 03 01:50:08 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     HASHI Hiroaki
>Release:        FreeBSD 8.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD tomba.meridiani.jp 8.3-STABLE FreeBSD 8.3-STABLE #33: Mon Jul 2 01:44:40 JST 2012 hashiz@stenmark.meridiani.jp:/usr/obj/usr/src/sys/TOMBA i386
l2tp daemon: net/mpd5
>Description:
The pf firewall does not examine incoming packets on an ng_l2tp interface.
ng_pppoe: examined.
ng_l2tp: not examined.
>How-To-Repeat:
Set up an L2TP tunnel using net/mpd5.
Connect from a client.
Write a block pf rule on the L2TP netgraph interface:

    block in quick on ngX inet from any to any
    pass out quick on ngX inet from any to any

pf lets the packets through; the block rule is not evaluated.

    sudo pfctl -vv -s Interfaces -i ngX
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
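Added example (not part of the PR and not code from the FreeBSD or mpd5 projects): a small POSIX sh check that turns the reporter's manual inspection of `pfctl -vv -s Interfaces -i ngX` into a pass/fail test. It reads the per-interface counters pf keeps and reports whether pf has ever counted an inbound IPv4 packet on the interface; if `Out4/*` counters climb while `In4/Pass` and `In4/Block` stay at zero after a client has sent traffic through the tunnel, inbound packets are reaching the host without pf evaluating them, which is the symptom described above. The counter line layout (`In4/Pass:    [ Packets: N    Bytes: M ]`) is assumed from pfctl(8)'s verbose interface output, and both sample outputs below are constructed, not captured from the reporter's system.

```shell
#!/bin/sh
# Added example: detect, from pfctl(8) "-vv -s Interfaces -i IFACE" output,
# whether pf has seen any inbound IPv4 packets on that interface.
# Assumed counter format (one interface block):
#   In4/Pass:    [ Packets: 12   Bytes: 960 ]
#   In4/Block:   [ Packets: 0    Bytes: 0   ]

# pf_in4_packets: read one interface's pfctl output on stdin and print the
# sum of the In4/Pass and In4/Block packet counters (0 if none found).
pf_in4_packets() {
    awk '/^[ \t]*In4\/(Pass|Block):/ {
            for (i = 1; i <= NF; i++)
                if ($i == "Packets:") { total += $(i + 1); break }
         }
         END { print total + 0 }'
}

# pf_in4_seen OUTPUT: exit 0 if pf counted inbound IPv4 packets in OUTPUT,
# exit 1 if the inbound counters are still zero (pf never evaluated them).
pf_in4_seen() {
    n=$(printf '%s\n' "$1" | pf_in4_packets)
    [ "$n" -gt 0 ]
}

# Constructed sample modelled on the reported symptom on an ng_l2tp interface:
# outbound traffic is counted, inbound traffic never reaches pf.
SAMPLE_NG_L2TP='ng0
    Cleared:     Tue Jul  3 10:12:30 2012
    References:  [ States:  0                  Rules: 2                  ]
    In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In4/Block:   [ Packets: 0                  Bytes: 0                  ]
    Out4/Pass:   [ Packets: 42                 Bytes: 3192               ]
    Out4/Block:  [ Packets: 0                  Bytes: 0                  ]'

# Constructed sample for the healthy case (as the reporter observes for
# ng_pppoe): inbound packets hit the "block in quick" rule and are counted.
SAMPLE_NG_OK='ng1
    Cleared:     Tue Jul  3 10:12:30 2012
    References:  [ States:  0                  Rules: 2                  ]
    In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In4/Block:   [ Packets: 7                  Bytes: 560                ]
    Out4/Pass:   [ Packets: 42                 Bytes: 3192               ]
    Out4/Block:  [ Packets: 0                  Bytes: 0                  ]'

# On the affected host (not run here), after sending traffic from the client:
#   pf_in4_seen "$(pfctl -vv -s Interfaces -i ng0)" \
#       || echo "pf never evaluated inbound packets on ng0"
```

Run the check twice, once before and once after the client sends traffic over the tunnel: a rising `Out4/Pass` count with `In4/*` still at zero is the bypass, while a rising `In4/Block` count shows the `block in quick` rule is being hit as intended. The same approach works for the IPv6 counters by matching `In6/` instead of `In4/`.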