Date: Wed, 14 Mar 2001 00:56:44 -0800 (PST) From: cjclark@reflexcom.com To: FreeBSD-gnats-submit@freebsd.org Subject: docs/25796: ipfw(8) manpage has no info on "Rule -1" Message-ID: <200103140856.f2E8ui814762@rfx-216-196-73-168.users.reflexcom.com>
next in thread | raw e-mail | index | archive | help
>Number: 25796 >Category: docs >Synopsis: ipfw(8) manpage has no info on "Rule -1" >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Wed Mar 14 01:00:02 PST 2001 >Closed-Date: >Last-Modified: >Originator: Crist J. Clark >Release: FreeBSD 4.2-STABLE i386 >Organization: >Environment: FreeBSD 4-STABLE and 5-CURRENT standard docs. >Description: When logging is enabled in ipfw(8), it may report that packets were dropped by "Rule -1." From examing the code, this can occur under two conditions: (1) a call to m_pullup returns zero or (2) a TCP fragment with an offset of 1 is encountered. For the first issue, I am not enough of a kernel-mbuf guy to know exactly what the implications are. However, for the second case, there is already text in the ipfw(8) manpage spelling this out, but no reference to the fact this is reported as "Rule -1." >How-To-Repeat: Enable firewall logining and fire tiny, the smallest possible, fragments at it to see "Rule -1." Use 'man ipfw' to review the documentation. >Fix: A quick sentence in ipfw(8) should be a nice RTFM pointer since this pops up frequently on the mail lists. A simple patch, --- ipfw.8.orig Sat Feb 24 04:04:10 2001 +++ ipfw.8 Wed Mar 14 00:46:30 2001 @@ -1006,7 +1006,8 @@ discard, that is a TCP packet's fragment with a fragment offset of one. This is a valid packet, but it only has one use, to try -to circumvent firewalls. +to circumvent firewalls. When logging is enabled, these packets are +reported as being dropped by rule -1. .It If you are logged in over a network, loading the .Xr kld 4 >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103140856.f2E8ui814762>