From owner-freebsd-ipfw@FreeBSD.ORG Wed Aug 3 08:35:40 2005
Date: Wed, 3 Aug 2005 10:35:37 +0200 (CEST)
Message-Id: <200508030835.j738Zb1q009262@lurza.secnetix.de>
From: Oliver Fromme
To: freebsd-ipfw@FreeBSD.ORG
In-Reply-To: <20050802143211.A74003@xorpc.icir.org>
Subject: Re: Another bug in IPFW@ ...?
Reply-To: freebsd-ipfw@FreeBSD.ORG
List-Id: IPFW Technical Discussions

Luigi Rizzo wrote:
> ok, so the problem is the following: when i implemented ipfw2
> i thought that 'recv any' or 'xmit any' were effectively NOPs
> so the parser erroneously removes them, together with any 'not' prefix
> (which is processed before).

That explains it. I was a little confused by the ipfw(8)
manpage: It says: "recv any [...] matches packets received
[...] through some interface", and two paragraphs later:
"A packet may not have a receive [...] interface: packets
originating from the local host have no receive interface".

That clearly implies that "recv any" shouldn't be a NOP. :-)

> To fix this one should
> [...]
> if you want to try, this should be all

Thank you very much! I will give it a try, but it will
take a little while, because I cannot reboot this router
any time (ipfw is configured statically in the kernel).

Thanks again, Luigi, I appreciate your assistance!

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Marktplatz 29, 85567 Grafing
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

I suggested holding a "Python Object Oriented Programming Seminar",
but the acronym was unpopular.
        -- Joseph Strout
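
The behaviour discussed in this message, as an added example that is not part of the original post and is not ipfw source code: a toy rule evaluator in which "recv any" matches only packets that have a receive interface, compared against a compile step that drops "recv any" together with its "not" prefix. The struct, the function names and the interface name em0 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the rule semantics discussed above; not ipfw source. */
struct opt { bool negate; const char *ifname; };  /* ifname NULL = "recv any" */

/* recv_if is NULL for a locally originated packet (no receive interface). */
static bool opt_match(const struct opt *o, const char *recv_if) {
    bool m = recv_if != NULL &&
             (o->ifname == NULL || strcmp(o->ifname, recv_if) == 0);
    return o->negate ? !m : m;
}

/* strip_any=true models the described parser behaviour: "recv any" is
 * treated as a NOP and dropped together with its "not" prefix. */
static size_t compile(const struct opt *in, size_t n, struct opt *out, bool strip_any) {
    size_t k = 0;
    for (size_t i = 0; i < n; i++) {
        if (strip_any && in[i].ifname == NULL)
            continue;
        out[k++] = in[i];
    }
    return k;
}

/* A rule matches when every remaining option matches; none left = match all. */
bool rule_matches(bool negate, const char *recv_if, bool strip_any) {
    struct opt src[1] = { { negate, NULL } };  /* "[not] recv any" */
    struct opt out[1];
    size_t n = compile(src, 1, out, strip_any);
    for (size_t i = 0; i < n; i++)
        if (!opt_match(&out[i], recv_if))
            return false;
    return true;
}

int main(void) {
    const char *ifs[] = { NULL, "em0" };  /* constructed sample packets */
    for (int neg = 0; neg < 2; neg++)
        for (int p = 0; p < 2; p++)
            printf("%srecv any, packet via %-5s kept=%d stripped=%d\n",
                   neg ? "not " : "", ifs[p] ? ifs[p] : "local",
                   rule_matches(neg, ifs[p], false), rule_matches(neg, ifs[p], true));
    return 0;
}
```

With the option stripped, every rule in the table matches every packet, so a rule written as "not recv any" to select only locally originated traffic also applies to forwarded traffic.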