Message-Id: <201302281404.r1SE4xF8034901@red.freebsd.org>
Date: Thu, 28 Feb 2013 14:04:59 GMT
From: Robert Heron
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/176503: ipfw layer2 problem

>Number: 176503
>Category: kern
>Synopsis: ipfw layer2 problem
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 28 14:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Robert Heron
>Release: 9.1R
>Organization: HERON
>Environment:
FreeBSD server 9.1-RELEASE FreeBSD 9.1-RELEASE #1: .... i386
>Description:
I use ipfw firewall with settings:

In Kernel:
options IPDIVERT
options IPFIREWALL
options IPFIREWALL_FORWARD

sysctl:
net.inet.ip.forwarding=1
net.link.ether.ipfw=1

The problem:
I have a rule in my firewall:
1000 allow ip from any to any layer2 in MAC any any
and when an incoming packet matches this rule it is passed further to the next rule.
'ipfw show' shows that the packet was matched by this rule and then passed to the next rule.
As described in 'man ipfw' the packet should be accepted by this rule and the search should be terminated, but this doesn't happen.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: