From owner-freebsd-current@freebsd.org Wed Mar 11 07:57:28 2020 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E96AA25726B for ; Wed, 11 Mar 2020 07:57:28 +0000 (UTC) (envelope-from ohartmann@walstatt.org) Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48cknz3mBSz4JH5 for ; Wed, 11 Mar 2020 07:57:27 +0000 (UTC) (envelope-from ohartmann@walstatt.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1583913445; bh=GZPj79dJyEo0jk7RJ3kg6LSBjv4KxAGZGp6o03GNLBU=; h=X-UI-Sender-Class:Date:From:To:Subject; b=YI4jganC0VBa0OQH/Kx6McrI2EmZnllkoCqZMJTs50SuKuXxepF6+vxcYKP2sQ5Nh ptd0HhqxABIUUJEPdFm6hNucOHdgkbYcvN8LroPnr8jitjr8gsQcuGFGwlDqvUmgbR ogatVYltbI4RnVu+Q5odpJKzgQ3QosREbFQQbKHo= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from freyja ([79.192.162.249]) by mail.gmx.com (mrgmx105 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MatRT-1jjcEg0Mg7-00cNIZ for ; Wed, 11 Mar 2020 08:57:25 +0100 Date: Wed, 11 Mar 2020 08:57:22 +0100 From: "O. Hartmann" To: freebsd-current Subject: r358858: ipfw: bad destination address any Message-ID: <20200311085718.009a7f44@freyja> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:A1szYl/WKrW+Q/5a1Y2lFePUftMnO66f/HXRDd9THvLYRbQzHuW OA4NvqZRswTMK5OWCRRnE7VtA7TNgjGX0JuD3e3x0I8VPxHjK/Y8wMSa+3/pPCZj880GhL1 wgguzJ7nAXY+gMxB+/nR67QQnnL4NpmM2hP/SH7MRBZ2rt+LH5S8KBfiCKu9DOKo/3BftqC IqUXIsGCd/DrbIMMkKyHg== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:dfHj30EsPPc=:GfTbb7PrwD4Tk4t7ISP5Vz CvK0HkFJVBUyaHEGEYAiIFw3Kg50Y/l/5u6pP6VpTLyjTUIilHE7igLhIMuhDXwWbUoT1q3I5 DyS6JP8CKP9UtmB553s8tV+0PI60NlOluceUnZ77O9vxQ1JztHoFQaa3LtaadblWtdhs8sbto xRbLQJXVbhiCv1TySoXqjEBqoX2+PEqFQadVJ4qM5XWDxRLe3SaKTfZU0EKIXJJURF3t91Q5o 4c5sO85kaefIWfXlewvsFXE6ytyCWxUInguu+Met4NHBuKU/GR9WAeY6EDEa114gXhBmKWg/0 lLILA2M8ZxXVXS/N5mWGkECMVSd1dBt/bHxABTljB42GlItWknTaTbb+loGkcT8dsW85/uzZi yp05cvnJXjCccspQ5r6U/0f5dwjyggxkPeSEECFarnEa+xvVTl0YHleMnGFwyvuEDtte/rqf6 syLyLUyN2l2MQDuEcJUOp8t33m8I2yvqalDyld9QIYoAa3Ib1+263sr87DIYbpZ4GHYiPocBr LZM7ZUdY/EkNlmfAr43to/k+RFP//uE5evZFXFbUk7AHHo7Ct8PNZ/Z6eQBpUCv1w8usUM37/ qf6X/o9wEJ2el4xVMlUN1MVVaaejfK+eRTYeD4oP/xLUdccJoy1cSxutzbsPmMBDgOEuUE6X/ ckj00jzgIVtkPauHvEmNvYf7AEpjqIUP0qPVxtLix9E7bt5ybCis4QJscBm9cE7LKHvCrG1fP Ru5aCGoneNedwJzybc1DIEWZ/k6Rp0n7zRlw40hHSh8vKe9brXEMecDfFlgmN+ctJC+jBaOHK JZn7SfDP6ysn6Ip2VemeIffzNGOcTPJXSXTEoy02qBMxyJjhqvXgrpY0bKmHqiPasCdpM3nrZ NM7G7Xz+DE15D5pNt/7yNbzXrcvvxmkYUydpEU6J82h7xEQ8vegCjhoXDIXNwjdA6mMVN7ZbR UjiajNFg3YL46XFHOZPt1sz3y9RytODsPRYHAedz01vEg+dm9jNzeu1u3/QtwuXe5fQ+m+low SSkPhm98mx2PMxfG/SI4l5a0JXvNYQQY10N5exx0GfNzW7WfR4f456GKwYd38D2T+G++IRoun v8xNra1SbP6ode3zh0hY+V7NKP271GJUkGCEZKK2NzfEHWyKGuFdkuHZUgHL40Nx1OEk0aEek 2zY9ufCmXt6G6ioZanYveGZWKhowVpz7S+OEzyEQ4ObWyWaOsnLrybkpSclW8Pt8DhjkchubV Kp6DSczUlWOFO4pwc X-Rspamd-Queue-Id: 48cknz3mBSz4JH5 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmx.net header.s=badeba3b8450 header.b=YI4jganC; dmarc=none; spf=none (mx1.freebsd.org: domain of ohartmann@walstatt.org has no SPF policy when checking 212.227.17.22) smtp.mailfrom=ohartmann@walstatt.org X-Spamd-Result: default: False [-2.20 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[gmx.net:s=badeba3b8450]; RECEIVED_SPAMHAUS_PBL(0.00)[249.162.192.79.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; DMARC_NA(0.00)[walstatt.org]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-1.00)[ip: (-6.04), ipnet: 212.227.0.0/16(-1.12), asn: 8560(2.17), country: DE(-0.02)]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmx.net:+]; NEURAL_HAM_MEDIUM(-0.30)[-0.300,0]; R_SPF_NA(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[22.17.227.212.list.dnswl.org : 127.0.3.1]; FROM_EQ_ENVFROM(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Mar 2020 07:57:29 -0000 After upgrading to r358858, CURRENT boxes secured by IPFW failed to handle keyword "any" as source and destination and rc script fails to init the filter correctly: [...] ipfw: bad destination address any [...] This renders any box running CURRENT and ipfw startig filter rules via rc.conf or using own scripts containing "any" as keyword for either source or destination to brick the system. Kind regards, O. Hartmann