Date: Fri, 11 Jan 2002 20:14:28 -0800 (PST) From: Gary <gary@outloud.org> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/33804: ipfw bug/problem Message-ID: <200201120414.g0C4ESb32318@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 33804
>Category: kern
>Synopsis: ipfw bug/problem
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 11 20:20:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Gary
>Release: 4.5-RC
>Organization:
outloud.org
>Environment:
>Description:
On FreeBSD 4.3-STABLE, I could perform the following ipfw rules without problem.
208.141.46.11 is the actual interface, not a virutal IP. 208.141.46.249 is a aliased IP. The actual problem is, in fact, identd not working. When I set this type of firewall ruleset up on the older versions, identd was running out of inetd.conf, as user root. I could be able to force users not to abuse my hosts, and still permit identd to work for me. As of 4.4-RELEASE/4.5-RC, this same setup causes identd to stop working. I don't know what has changed since then, I was browsing the CVS archive, and I can't seem to find a problem.
$fwcmd add permit ip from 208.141.46.249 to any gid ancient
$fwcmd add permit ip from 208.141.46.11 to any gid ancient
$fwcmd add permit ip from any to any uid nobody
$fwcmd add permit ip from any to any uid root
$fwcmd add deny log ip from 208.141.46.249 to any
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201120414.g0C4ESb32318>