From owner-freebsd-bugs@freebsd.org Mon Aug 31 23:43:21 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 202802] ipf reports error with broken rule, but places malformed rule anyway
Date: Mon, 31 Aug 2015 23:43:22 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202802

            Bug ID: 202802
           Summary: ipf reports error with broken rule, but places malformed rule anyway
           Product: Base System
           Version: 10.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: jessica@litw.in

Hi,

Steps to duplicate:

1.) In an ipf.rules file you can place the following rule exactly as typed (with typo):

    block in quick proto tcp from8.8.8.8/32 to any

2.) load ipf with 'ipf -F -a -f /etc/ipf.rules' or similar:

    # ipfstat -hi
    empty list for ipfilter(in)
    # ipfstat -ho
    empty list for ipfilter(out)
    # ipf -F -a -f /etc/ipf.rules
    syntax error error at "/", line 1

Expected result:

ipf correctly reports a syntax error and does reload rules until the error is corrected.

Actual result:

    # ipfstat -hi
    2 block in quick proto tcp from any to any

At this point the box is deaf to the world until the rule is removed, corrected, or ipf is flushed via console.
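One way to keep a typo like the one in this report from reaching the kernel, as an added example that is not part of the original report or of ipf itself: parse the file with ipf's no-change flag (-n) first, and only flush and load when that dry run is clean. The function names and the IPF variable are hypothetical, and the sketch assumes the dry run prints the same "syntax error" diagnostic shown above.

```shell
#!/bin/sh
# Added example: pre-flight check for an ipf rules file.
# IPF is a hypothetical knob naming the ipf command to run (default: ipf).
IPF="${IPF:-ipf}"

# ipf_check FILE
# Parse FILE with -n so ipf makes no ioctl calls and the running
# ruleset is not touched. Fail when ipf exits non-zero or prints any
# diagnostic containing "error" (assumption: the dry run reports the
# same parser message as a real load).
ipf_check() {
    rules="$1"
    if [ ! -r "$rules" ]; then
        echo "ipf_check: cannot read $rules" >&2
        return 2
    fi
    status=0
    out=$("$IPF" -n -f "$rules" 2>&1) || status=$?
    if [ "$status" -ne 0 ] || printf '%s\n' "$out" | grep -qi 'error'; then
        printf '%s\n' "$out" >&2
        return 1
    fi
    return 0
}

# ipf_safe_load FILE
# Validate first; flush and load (same invocation as in the report)
# only when validation passed, so a bad file never replaces the
# rules that are currently active.
ipf_safe_load() {
    if ! ipf_check "$1"; then
        echo "ipf_safe_load: $1 rejected, running ruleset left untouched" >&2
        return 1
    fi
    "$IPF" -F -a -f "$1"
}

# Usage: ipf_safe_load /etc/ipf.rules
```

After a successful load, comparing the output of 'ipfstat -hi' and 'ipfstat -ho' with the rules file is still worthwhile, since the report shows the installed rule differing from the one that was written.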