From owner-freebsd-stable Sun Feb 4 5:10:52 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from mgate10.so-net.ne.jp (mgate10.so-net.ne.jp [210.139.254.157])
    by hub.freebsd.org (Postfix) with ESMTP id CD25C37B65D
    for ; Sun, 4 Feb 2001 05:10:33 -0800 (PST)
Received: from mail.ya3.so-net.ne.jp (mspool11.so-net.ne.jp [210.139.248.11])
    by mgate10.so-net.ne.jp (8.9.3/3.7W00122022) with ESMTP id WAA28777
    for ; Sun, 4 Feb 2001 22:10:32 +0900 (JST)
Received: from localhost (p84e4ba.ykhmpc00.ap.so-net.ne.jp [210.132.228.186])
    by mail.ya3.so-net.ne.jp (8.9.3/3.7W99092111) with ESMTP id WAA09026
    for ; Sun, 4 Feb 2001 22:10:30 +0900 (JST)
To: freebsd-stable@FreeBSD.org
Subject: ipfw issue of 4.2-stable
From: Yoshihiro Koya
X-Mailer: Mew version 1.94.1 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20010204221448O.ipfw@ya3.so-net.ne.jp>
Date: Sun, 04 Feb 2001 22:14:48 +0900
X-Dispatcher: imput version 990905(IM130)
Lines: 55
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello,

I cvsup'd today at Feb 4 10:18:15 UTC. Everything seems to work fine.
But I found an issue around ipfw.

Before Jan 27 my ipfw produced the following log:

    Jan 26 12:53:19 presario /kernel: \
    ipfw: 1000 Deny TCP 203.178.141.212:4946 210.132.234.64:113 in via tun0
    Jan 27 00:08:52 presario /kernel: \
    ipfw: 1000 Deny TCP 216.6.41.141:3573 210.132.228.179:113 in via tun0

However, the new system built today produced:

    Feb 4 21:56:04 presario /kernel: \
    ipfw: 500 Accept TCP 210.139.248.31:49208 210.132.234.20:113 in via tun0

Please keep in mind that I've essentially never changed my ipfw
configuration file. I only added "pass" in the following line.

    add pass log tcp from any to any established

The following is additional information on my ipfw.

    # uname -a
    FreeBSD presario.my.domain 4.2-STABLE FreeBSD 4.2-STABLE #0: \
    Sun Feb 4 20:14:24 JST 2001 \
    root@presario.my.domain:/usr/obj/usr/src/sys/presario i386

    # ipfw -a list
    00100  0    0 allow ip from any to any via lo0
    00100  0    0 allow ip from any to any via lo0
    00200  0    0 deny ip from any to 127.0.0.0/8
    00300  0    0 deny log logamount 100 ip from 192.168.0.0/24 to any in recv tun0
    00400  0    0 allow ip from any to any via dc0
    00500 45 5284 allow log logamount 100 tcp from any to any established
    00600  0    0 allow tcp from any 20 to any in recv tun0 setup
    00700  0    0 allow tcp from any to any out xmit tun0 setup
    00800  2  133 allow udp from any to any 53 out xmit tun0
    00900  2  669 allow udp from any 53 to any in recv tun0
    01000  0    0 deny log logamount 100 tcp from any to any in recv tun0 setup
    01100  0    0 deny log logamount 100 udp from any to any via tun0
    01200  2 3000 allow icmp from any to any
    65535  0    0 deny ip from any to any

I guess that ipfw now cannot recognize some TCP flags. Before 27 Jan,
ident checks had been refused by my rule 1000.

Is there a problem in my setting? Or is there a problem elsewhere?

BTW, I also have a -current box. The -current box didn't cause such a
problem.

Does anyone have a suggestion?

koya
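The rule evaluation discussed in the message, as an added example that is not part of the original post: a simplified first-match model of the listed rules for TCP packets arriving on tun0, compared against the two quoted log entries. The TCP flags passed in are assumptions (ipfw log lines do not record them), and all function names are hypothetical.

```python
import re

# Flag semantics as documented in ipfw(8).
def is_setup(p):        # "setup": SYN set, ACK clear
    return "SYN" in p["flags"] and "ACK" not in p["flags"]

def is_established(p):  # "established": RST or ACK set
    return bool(p["flags"] & {"RST", "ACK"})

# Only rules from the listing that can match TCP arriving on tun0;
# 100 (lo0), 400 (dc0) and 700 (out xmit) never apply to such packets.
RULES = [
    (200, "Deny", lambda p: p["dst"].startswith("127.")),
    (300, "Deny", lambda p: p["src"].startswith("192.168.0.")),
    (500, "Accept", is_established),
    (600, "Accept", lambda p: p["sport"] == 20 and is_setup(p)),
    (1000, "Deny", is_setup),
    (65535, "Deny", lambda p: True),
]

LOG_RE = re.compile(
    r"ipfw: (\d+) (Accept|Deny) TCP ([\d.]+):(\d+) ([\d.]+):(\d+) in via tun0")

def first_match(p):
    """Return (rule number, action) of the first rule whose predicate matches."""
    for num, action, pred in RULES:
        if pred(p):
            return num, action

def compare(log_line, flags):
    """Return (logged verdict, modelled verdict, agree?) for assumed TCP flags."""
    m = LOG_RE.search(log_line)
    logged = (int(m.group(1)), m.group(2))
    pkt = {"src": m.group(3), "sport": int(m.group(4)),
           "dst": m.group(5), "dport": int(m.group(6)), "flags": set(flags)}
    expected = first_match(pkt)
    return logged, expected, logged == expected

# Log entries from the message, with the "\" continuation joined.
OLD_LOG = ("Jan 26 12:53:19 presario /kernel: ipfw: 1000 Deny TCP "
           "203.178.141.212:4946 210.132.234.64:113 in via tun0")
NEW_LOG = ("Feb 4 21:56:04 presario /kernel: ipfw: 500 Accept TCP "
           "210.139.248.31:49208 210.132.234.20:113 in via tun0")

if __name__ == "__main__":
    for line, flags in [(OLD_LOG, {"SYN"}), (NEW_LOG, {"SYN"}), (NEW_LOG, {"ACK"})]:
        print(sorted(flags), compare(line, flags))
```

The model agrees with the Feb 4 entry only if that packet carried ACK or RST, so a packet capture showing the flags of the logged packet is what separates a ruleset problem from a flag-matching problem.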