From owner-freebsd-security Wed Mar 14 13:11: 0 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.ruhr.de (in-ruhr4.ruhr.de [212.23.134.2])
	by hub.freebsd.org (Postfix) with SMTP id D7C8937B71C
	for ; Wed, 14 Mar 2001 13:10:56 -0800 (PST)
	(envelope-from ue@nathan.ruhr.de)
Received: (qmail 3421 invoked by uid 10); 14 Mar 2001 21:10:54 -0000
Received: (from ue@localhost)
	by nathan.ruhr.de (8.11.3/8.11.2) id f2EL6EL94714
	for security@FreeBSD.ORG; Wed, 14 Mar 2001 22:06:14 +0100 (CET)
	(envelope-from ue)
Date: Wed, 14 Mar 2001 22:06:14 +0100
From: Udo Erdelhoff
To: security@FreeBSD.ORG
Subject: Re: ipfw rule -1?
Message-ID: <20010314220613.L83336@nathan.ruhr.de>
Mail-Followup-To: security@FreeBSD.ORG
References: <20010313084020.A5859@agora.rdrop.com> <20010313232014.B496@cjc-desktop.users.reflexcom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010313232014.B496@cjc-desktop.users.reflexcom.com>; from cjclark@reflexnet.net on Tue, Mar 13, 2001 at 11:20:14PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Mar 13, 2001 at 11:20:14PM -0800, Crist J. Clark wrote:
> Rule -1 is given for any packet dropped, but not dropped due to a user
> rule or the default rule. A quick look at the source indicates the
> above pseudo-rule and some other fragment issues (bogusfrag) are the
> only such situations.

Hmm, I have the following setup: A -current box mounts /usr/src5 and
/usr/obj5 via NFS from a RELENG_4 box. Doing "make installworld" fails
as soon as there's a fragmented NFS packet - the fragments are dropped by
rule -1. I switched to a kernel without ipfw to be able to complete the
installworld.

The kernel was PRE_SMPNG. Were there any bugfixes in this area or should
I try to reproduce the problem with a current -current?
/s/Udo
-- 
I figure that if the burned hand teaches best, then the entire scorched
epidermis simply has to get its point across.