Date:      Mon, 31 Aug 2015 23:43:22 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 202802] ipf reports error with broken rule, but places malformed rule anyway
Message-ID:  <bug-202802-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202802

            Bug ID: 202802
           Summary: ipf reports error with broken rule, but places
                    malformed rule anyway
           Product: Base System
           Version: 10.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: jessica@litw.in

Hi,

Steps to duplicate:

1.) In an ipf.rules file you can place the following rule exactly as typed
(with typo):

block in quick proto tcp from8.8.8.8/32 to any 


2.) load ipf with 'ipf -F -a -f /etc/ipf.rules' or similar:

# ipfstat -hi
empty list for ipfilter(in)
# ipfstat -ho
empty list for ipfilter(out)

# ipf -F -a -f /etc/ipf.rules 
syntax error error at "/", line 1


Expected result:  

ipf correctly reports a syntax error and does reload rules until the error is
corrected.

Actual result: 

# ipfstat -hi 
2 block in quick proto tcp from any to any 


At this point the box is deaf to the world until the rule is removed,
corrected, or ipf is flushed via console.

-- 
You are receiving this mail because:
You are the assignee for the bug.
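
A guard for the failure described in this report, added here as an example (it is not part of the original report or of FreeBSD's code): parse the ruleset in ipf's no-change mode first, and flush and load only if that parse is clean. It assumes `ipf -n` prints the same "syntax error" diagnostic as a real load; the names `check_rules`, `safe_load` and the `IPF` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to load an ipf ruleset whose dry-run parse complains.
# IPF is overridable so the guard can be exercised away from a live firewall.
IPF="${IPF:-ipf}"

# check_rules FILE -> 0 if the dry run is clean, 1 if the parser complained.
# Assumption: 'ipf -n' (no-change mode) parses FILE and prints the same
# "syntax error" diagnostic as a real load, without altering the kernel rules.
check_rules() {
    rules=$1
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 1; }
    out=$("$IPF" -n -f "$rules" 2>&1)
    status=$?
    # The report shows a rule being installed despite the diagnostic, so the
    # exit status alone is not trusted: the diagnostic text is also checked.
    if [ "$status" -ne 0 ] || printf '%s\n' "$out" | grep -q 'syntax error'; then
        printf 'refusing to load %s:\n%s\n' "$rules" "$out" >&2
        return 1
    fi
    return 0
}

# safe_load FILE -> flush and load only after a clean dry run.
# Usage (after sourcing this file): safe_load /etc/ipf.rules
safe_load() {
    check_rules "$1" || return 1
    "$IPF" -Fa -f "$1"
}
```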