From: Freddie Cash
To: freebsd-ipfw@freebsd.org
Date: Wed, 7 Apr 2010 08:10:34 -0700
Subject: Re: rule 00000.

2010/4/6 Erich Jenkins, Fuujin Group Ltd

> Pawel Tyll wrote:
>
>> Unfortunately FreeBSD 8.0-STABLE #0: Mon Apr 5 08:43:58 CEST 2010
>> still has problems.
>>
>> ipfw show:
>> (...)
>> 65534 44262253 27617819701 allow ip from any to any
>> 00001 5335 405460 allow ip from me to any dst-port 123
>> 00000 0 0 ip from any to any
>>
>> Anything I can do to help?
>>
>
> Pawel:
>
> My skin crawled the moment I read this post. Could you provide a bit more
> information about this issue? I manage a very large deployment of FreeBSD
> boxes which are geographically dispersed, and we've started upgrading them
> to the 8.0 release. My default policy is to deny everything but the services
> running, so I generally end with a "deny all" statement, and the last thing
> I want is to lock myself out and have to dispatch a technician...
>
> Is this problem localized to any particular architecture? (we have sparc64,
> amd64 and i386 servers deployed). Is this just the stable branch that's
> affected, or was this bug also in the ISO release? (I deploy via
> NFS/FTP/bootp from internal servers hosting the ISO images).
>
>

If you read the archives of this list, you'll find that this issue only applies to 8-STABLE after the 8.0 release. Thus, if you upgrade to 8.0-RELEASE, you will not run into this problem.

Luigi is doing a bunch of cleanups, refactoring, and updates to the ipfw code in 8-STABLE/9-CURRENT. Things are a bit unstable right now, but getting better with each passing day.

IOW, nothing to worry about unless you have plans to upgrade to 8-STABLE. :)

--
Freddie Cash
fjwcash@gmail.com