From owner-freebsd-bugs@FreeBSD.ORG Sun Jan 18 12:00:41 2004
Message-Id: <200401181954.i0IJso4I003973@stud187236.mobiel.utwente.nl>
Date: Sun, 18 Jan 2004 20:54:50 +0100 (CET)
From: Roderick van Domburg
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: kern/61544: ip6fw breakage on (at least) sparc64

>Number: 61544
>Category: kern
>Synopsis: ip6fw breakage on (at least) sparc64
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jan 18 12:00:38 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Roderick van Domburg
>Release: FreeBSD 5.2-CURRENT sparc64
>Organization: University of Twente
>Environment:
System: FreeBSD stud187236.mobiel.utwente.nl 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Sun Jan 18 01:30:58 CET 2004 roderick@stud187236.mobiel.utwente.nl:/usr/obj/usr/src/sys/MAGOG sparc64

>Description:
I just built and installed a new world and kernel on a sparc64, and unfortunately ip6fw no longer seems to work correctly.

The box runs an IPv6-enabled Apache server. With the previous kernel (Sun Jan 11 14:03:52 CET 2004), I could access that Apache server without any problems from my IPv6-enabled workstation. With today's kernel (Sun Jan 18 01:30:58 CET 2004) the same firewall configuration no longer does the trick (attached below).

Funny thing: if I issue a "ip6fw add 50 allow ipv6 from any to any", everything looks peachy, but a "ip6fw add 50 allow tcp from any to any" blocks traffic all the same.

>How-To-Repeat:
Firewall configuration:

00100 allow ipv6 from any to any via lo0
00200 allow ipv6-icmp from :: to ff02::/16
00300 allow ipv6-icmp from fe80::/10 to fe80::/10
00400 allow ipv6-icmp from fe80::/10 to ff02::/16
00500 allow ipv6 from fe80::/10 to ff02::/16
00600 allow ipv6 from 2001:610:1908::/48 to ff02::/16
00700 allow tcp from any to any established
00800 allow ipv6 from any to any frag
00900 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 22 setup
01000 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 25 setup
01100 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 80 setup
01200 allow tcp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any setup
01300 deny tcp from any to any setup
01400 allow udp from any 53 to 2001:610:1908:8000:a00:20ff:fecf:c01b
01500 allow udp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any 53
01600 allow ipv6-icmp from any to any icmptype 33
01700 allow ipv6-icmp from any to any icmptype 34
65535 deny ipv6 from any to any

>Fix:
Unknown.
>Release-Note:
>Audit-Trail:
>Unformatted:
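
Added example (not part of the original report, and not FreeBSD code): a small Python model of first-match rule evaluation over the TCP-relevant rules from the report, showing which rule a SYN to port 80 is expected to hit. The matching semantics (established = ACK or RST set, setup = SYN without ACK, "ipv6" matching any protocol), the interface name hme0 and the 2001:db8::1 client address are assumptions.

```python
import ipaddress

# TCP-relevant rules copied from the report (ICMPv6, UDP and link-local or
# multicast rules left out). The matching model below is an assumption.
RULESET = """\
00100 allow ipv6 from any to any via lo0
00700 allow tcp from any to any established
00800 allow ipv6 from any to any frag
00900 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 22 setup
01000 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 25 setup
01100 allow tcp from any to 2001:610:1908:8000:a00:20ff:fecf:c01b 80 setup
01200 allow tcp from 2001:610:1908:8000:a00:20ff:fecf:c01b to any setup
01300 deny tcp from any to any setup
65535 deny ipv6 from any to any"""

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP header flag bits
# Constructed sample packet: SYN from a documentation-prefix client, port 80.
SYN_80 = {"proto": "tcp", "src": "2001:db8::1", "iface": "hme0", "flags": SYN,
          "dst": "2001:610:1908:8000:a00:20ff:fecf:c01b", "dport": 80}

def net(spec):
    return ipaddress.ip_network("::/0" if spec == "any" else spec)

def parse(line):
    # Handles: NUM ACTION PROTO from SRC to DST [PORT] [OPTIONS...]
    t = line.split()
    rule = {"num": int(t[0]), "action": t[1], "proto": t[2],
            "src": net(t[4]), "dst": net(t[6]), "dport": None}
    rest = t[7:]
    if rest and rest[0].isdigit():
        rule["dport"], rest = int(rest[0]), rest[1:]
    rule["opts"] = rest
    return rule

def matches(rule, pkt):
    o, flags = rule["opts"], pkt.get("flags", 0)
    return (rule["proto"] in ("ipv6", pkt["proto"])  # "ipv6" = any protocol
            and ipaddress.ip_address(pkt["src"]) in rule["src"]
            and ipaddress.ip_address(pkt["dst"]) in rule["dst"]
            and rule["dport"] in (None, pkt.get("dport"))
            and ("via" not in o or o[o.index("via") + 1] == pkt.get("iface"))
            and ("frag" not in o or pkt.get("frag", False))
            and ("established" not in o or bool(flags & (ACK | RST)))
            and ("setup" not in o or (flags & (SYN | ACK)) == SYN))

def first_match(pkt, extra=()):
    # First matching rule wins; `extra` holds rules added for a test.
    rules = sorted(map(parse, [*extra, *RULESET.splitlines()]), key=lambda r: r["num"])
    return next((r["num"], r["action"]) for r in rules if matches(r, pkt))
```

In this model, first_match(SYN_80) returns rule 1100, and a rule 50 of either form quoted in the report ("allow ipv6 from any to any" or "allow tcp from any to any") passed via `extra` becomes the first match for that SYN.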