From owner-freebsd-bugs Sun Feb 4 7:10:20 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
    by hub.freebsd.org (Postfix) with ESMTP id D0EAD37B4EC
    for ; Sun, 4 Feb 2001 07:10:02 -0800 (PST)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.11.1/8.11.1) id f14FA2v26746;
    Sun, 4 Feb 2001 07:10:02 -0800 (PST)
    (envelope-from gnats)
Received: from squid.dnepr.net (squid.dnepr.net [195.24.156.115])
    by hub.freebsd.org (Postfix) with ESMTP id E3B1437B491
    for ; Sun, 4 Feb 2001 07:06:19 -0800 (PST)
Received: (from land@localhost)
    by squid.dnepr.net (8.11.2/8.11.1) id f12Ei8E01711;
    Fri, 2 Feb 2001 16:44:08 +0200 (EET)
    (envelope-from land)
Message-Id: <200102021444.f12Ei8E01711@squid.dnepr.net>
Date: Fri, 2 Feb 2001 16:44:08 +0200 (EET)
From: land@dnepr.net
Reply-To: land@dnepr.net
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/24849: broken firewall (ipfw established bug)
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 24849
>Category: kern
>Synopsis: "ipfw add allow tcp from any to any established" rule passes TCP setup
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 04 07:10:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Andrey Lakhno
>Release: FreeBSD 4.2-STABLE i386
>Organization:
>Environment:
FreeBSD squid.dnepr.net 4.2-STABLE FreeBSD 4.2-STABLE #0: Fri Feb 2 13:25:58 EET 2001 land@host.net:/usr/obj/usr/src/sys/HOST i386
>Description:
    0100 allow tcp from any to any established
    0200 deny tcp from any to any setup
    0300 allow ip from any to any

A TCP connection setup matches rule 100.
>How-To-Repeat:
Use the previous ruleset and try to establish a TCP connection.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
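
The expected first-match outcome for the three rules in this report, as an added example that is not part of the original report or of the ipfw source. It assumes the meanings given in ipfw(8), where "established" matches TCP packets with RST or ACK set and "setup" matches SYN set without ACK; the function and type names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* TCP header flag bits (RFC 793 values). */
#define F_FIN 0x01
#define F_SYN 0x02
#define F_RST 0x04
#define F_ACK 0x10

/* Assumed keyword semantics, taken from the ipfw(8) manual text. */
static int is_established(uint8_t fl) { return (fl & (F_RST | F_ACK)) != 0; }
static int is_setup(uint8_t fl) { return (fl & (F_SYN | F_ACK)) == F_SYN; }

struct verdict { int rule; int allow; };

/* First-match walk over rules 100/200/300 from the report (model only). */
struct verdict eval_ruleset(uint8_t tcp_flags)
{
    if (is_established(tcp_flags))      /* 0100 allow tcp ... established */
        return (struct verdict){100, 1};
    if (is_setup(tcp_flags))            /* 0200 deny tcp ... setup */
        return (struct verdict){200, 0};
    return (struct verdict){300, 1};    /* 0300 allow ip from any to any */
}

int main(void)
{
    /* Constructed sample packets: flag combinations only, no real traffic. */
    static const struct { const char *name; uint8_t fl; } pkts[] = {
        {"SYN (connection setup)",    F_SYN},
        {"SYN+ACK (handshake reply)", F_SYN | F_ACK},
        {"ACK (data)",                F_ACK},
        {"RST",                       F_RST},
        {"FIN+ACK (close)",           F_FIN | F_ACK},
    };
    for (size_t i = 0; i < sizeof(pkts) / sizeof(pkts[0]); i++) {
        struct verdict v = eval_ruleset(pkts[i].fl);
        printf("%-28s rule %04d %s\n", pkts[i].name, v.rule,
               v.allow ? "allow" : "deny");
    }
    return 0;
}
```

Under these assumptions a bare SYN falls through to rule 200 and is denied, so a setup packet accepted by rule 100, as the report describes, departs from the documented behaviour.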