Date:      Mon, 25 Aug 1997 13:39:54 -0400 (EDT)
From:      Thomas David Rivers <ponds!rivers@dg-rtp.dg.com>
To:        ponds!freefall.cdrom.com!freebsd-hackers
Subject:   2.2-970825 and ipfw..
Message-ID:  <199708251739.NAA00650@lakes.dignus.com>


F.Y.I. -

I just researched this a little bit; to avert anyone else doing
unnecessary work:

In ip_fw.c:check_ipfw_struct(), we have:

        /* Must apply to incoming or outgoing (or both) */
        if (!(frwl->fw_flg & (IP_FW_F_IN | IP_FW_F_OUT))) {
                dprintf(("%s neither in nor out\n", err_prefix));
                return (NULL);
        }

But - in previous versions of 2.2 sources, if neither of these
was set; we assumed both as in:

        /* If neither In nor Out, then both */
        if (!(frwl->fw_flg & (IP_FW_F_IN | IP_FW_F_OUT)))
                frwl->fw_flg |= IP_FW_F_IN | IP_FW_F_OUT;



This is the change that appears to have broken my ipfw setup...

Looking at the ipfw in the ssbin.XX files for 2.2-970825, I see
the following:

      /* No direction specified -> do both directions */
      if (!(rule.fw_flg & (IP_FW_F_OUT|IP_FW_F_IN)))
              rule.fw_flg |= (IP_FW_F_OUT|IP_FW_F_IN);

So - although I haven't verified this; it appears the ip_fw.c
check is valid, and ipfw has been updated appropriately.

	- Dave Rivers -
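
An added example, not part of the original message and not FreeBSD source: a small C model of the three snippets quoted above, showing which pairings of ipfw binary and kernel still install a rule that names no direction. The flag bit values, the one-field struct, the function names, and the modelling of an "old" ipfw as one that passes the flags through untouched are assumptions made for the demonstration.

```c
#include <stdio.h>

/* Constructed stand-ins: the real definitions live in the kernel's ip_fw.h;
 * these bit values and this one-field struct are assumptions for the demo. */
#define IP_FW_F_IN  0x0004
#define IP_FW_F_OUT 0x0008
struct ip_fw { unsigned short fw_flg; };

/* Older 2.2 kernel behaviour quoted above: no direction means both. */
static int kernel_check_old(struct ip_fw *frwl)
{
    if (!(frwl->fw_flg & (IP_FW_F_IN | IP_FW_F_OUT)))
        frwl->fw_flg |= IP_FW_F_IN | IP_FW_F_OUT;
    return 1;                       /* rule accepted */
}

/* 2.2-970825 kernel behaviour quoted above: no direction is an error. */
static int kernel_check_new(const struct ip_fw *frwl)
{
    if (!(frwl->fw_flg & (IP_FW_F_IN | IP_FW_F_OUT)))
        return 0;                   /* rule rejected */
    return 1;
}

/* Updated ipfw behaviour quoted above: userland fills in both bits. */
static void ipfw_new_prepare(struct ip_fw *rule)
{
    if (!(rule->fw_flg & (IP_FW_F_OUT | IP_FW_F_IN)))
        rule->fw_flg |= (IP_FW_F_OUT | IP_FW_F_IN);
}

/* Returns 1 if a rule given with no direction keyword gets installed. */
int rule_installed(int new_ipfw, int new_kernel)
{
    struct ip_fw rule = { 0 };      /* constructed: no direction set */
    if (new_ipfw)
        ipfw_new_prepare(&rule);
    return new_kernel ? kernel_check_new(&rule) : kernel_check_old(&rule);
}

int main(void)
{
    for (int u = 0; u <= 1; u++)
        for (int k = 0; k <= 1; k++)
            printf("%s ipfw + %s kernel: %s\n", u ? "new" : "old",
                   k ? "new" : "old",
                   rule_installed(u, k) ? "installed" : "rejected");
    return 0;
}
```

The only pairing that rejects the rule is an ipfw binary that leaves the direction bits clear with a kernel that requires them, so after upgrading the kernel alone it is worth confirming that every rule in the ruleset actually loaded.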





