Date: Wed, 5 Jul 1995 17:57:04 +1000 (EST) From: michael butler <imb@scgt.oz.au> To: current@freebsd.org Cc: jkh@freefall.cdrom.com (Jordan K. Hubbard) Subject: Re: I'm rolling a SNAP on Friday. Message-ID: <199507050757.RAA24350@asstdc.scgt.oz.au> In-Reply-To: <185.804914938@freefall.cdrom.com> from "Jordan K. Hubbard" at Jul 4, 95 08:28:58 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Jordan K. Hubbard writes: > Just a general warning for those who want to roll any critical bug > fixes into the tree first. Could someone please have another look at /sys/net/ip_fw.c. After the update (sup) as at July 4th 19:40 (UTC + 10), I'm still seeing a machine that panics and reboots when given packets to be refused :-( This is my script to add the rules .. #!/bin/sh # empty the rulesets ipfw f f # make localhost reachable ipfw addf accept all from any to 127.0.0.0/8 ipfw addf accept all from 127.0.0.0/8 to any # make multicast reachable for gated ipfw addf accept all from any to 224.0.0.0/8 ipfw addf accept all from 224.0.0.0/8 to any # two reachable servers at SCG ipfw addf accept all from any to 202.14.234.61 ipfw addf accept all from 202.14.234.61 to any ipfw addf accept all from any to 202.14.234.49 ipfw addf accept all from 202.14.234.49 to any # local primary net ipfw addf accept all from 202.14.234.65 to any ipfw addf accept all from any to 202.14.234.65 ipfw addf accept all from 202.14.234.69 to any ipfw addf accept all from any to 202.14.234.69 # local ppp dial-ins # ipfw addf accept all from 202.14.234.144/28 to any # ipfw addf accept all from any to 202.14.234.144/28 # local secondary net ipfw addf accept all from 202.12.127.67 to any ipfw addf accept all from any to 202.12.127.67 ipfw addf accept all from 202.12.127.65 to any ipfw addf accept all from any to 202.12.127.65 # icmp unreach to all not permitted as above - default case ipfw addf reject all from any to any # just in case something else falls through ipfw pol d exit 0 .. and a "ping 202.14.234.51" will panic it immediately .. I'm beginning to wonder if it's my machine. The "downlinks" on the other side of it are getting tired of it so I can't do too much more testing for a little while :-( michael
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199507050757.RAA24350>