Date:      Thu, 28 Feb 2013 14:04:59 GMT
From:      Robert Heron <freebsd@heron.pl>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/176503: ipfw layer2 problem
Message-ID:  <201302281404.r1SE4xF8034901@red.freebsd.org>
Resent-Message-ID: <201302281410.r1SEA1I0075377@freefall.freebsd.org>


>Number:         176503
>Category:       kern
>Synopsis:       ipfw layer2 problem
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 28 14:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Robert Heron
>Release:        9.1R
>Organization:
HERON
>Environment:
FreeBSD server 9.1-RELEASE FreeBSD 9.1-RELEASE #1:   ....   i386
>Description:
I use the ipfw firewall with these settings:

In Kernel:
options IPDIVERT
options IPFIREWALL
options IPFIREWALL_FORWARD

sysctl:
net.inet.ip.forwarding=1
net.link.ether.ipfw=1

The problem:

I have a rule in my firewall: 

1000 allow ip from any to any layer2 in MAC any any

and when an incoming packet matches this rule it is passed further to the next rule.
'ipfw show' shows that the packet was matched by this rule and then passed to the next rule.
As described in 'man ipfw' the packet should be accepted by this rule and the search should be terminated, but this doesn't happen.

>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:


