Date: Fri, 27 Mar 1998 10:07:27 +1100 (EST)
From: Charlie Root <root@proxy.metro.tas.com.au>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: i386/6141: IPFW Rules mixup - wrong rule numbers are filtering packets
Message-ID: <199803262307.KAA17071@proxy.metro.tas.com.au>

>Number:         6141
>Category:       i386
>Synopsis:       IPFW rules are incorrectly filtering packets randomly
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 26 15:10:01 PST 1998
>Last-Modified:
>Originator:     Charlie &
>Organization:   Metro Tasmania Pty Ltd
>Release:        FreeBSD 3.0-980221-SNAP i386
>Environment:

The machine is used as a gateway/proxy machine.

>Description:

We use the rules to log how much traffic travels out on a particular port.
Additionally, we also block other ports.

The rules seem to be getting mixed up, so some of the allowed ports are being
reported as being blocked.

Mar 27 09:55:22 proxy /kernel: ipfw: 5300 Deny TCP 147.109.237.5:8080 147.109.165.35:1525 in via ed0
Mar 27 09:56:26 proxy /kernel: ipfw: 5300 Deny TCP 147.109.237.5:8080 147.109.165.35:1525 in via ed0

Here are the relevant rules:

$fwcmd add 5300 deny log tcp from any to any 1525 in via $Out
$fwcmd add 15900 pass tcp from any 8080 to any out via $In
$fwcmd add 16000 pass tcp from any to any 8080 out via $Out
$fwcmd add 16100 pass tcp from any 8080 to any in via $In

Seems to occur more as the number of rules increases; currently there are
approximately 40 rules.

>How-To-Repeat:

Unknown...

>Fix:

Unknown.... (Lot of help aren't I <Grin>)

>Audit-Trail:
>Unformatted:
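
An added example, not part of the original report or of FreeBSD's code: it parses the log line and the four rules quoted above and reports which rule a first-match evaluation in ascending rule-number order, as ipfw performs, selects for that packet. It assumes $Out is ed0 (the interface named in the log) and uses a hypothetical ed1 for $In.

```python
import re

# Assumption: $Out is ed0 (the logged interface); "ed1" for $In is a
# hypothetical name, not taken from the report.
OUT, IN = "ed0", "ed1"
RULES = f"""\
add 5300 deny log tcp from any to any 1525 in via {OUT}
add 15900 pass tcp from any 8080 to any out via {IN}
add 16000 pass tcp from any to any 8080 out via {OUT}
add 16100 pass tcp from any 8080 to any in via {IN}
"""
# Kernel log line as quoted in the report.
LOG = ("Mar 27 09:55:22 proxy /kernel: ipfw: 5300 Deny TCP "
       "147.109.237.5:8080 147.109.165.35:1525 in via ed0")

RULE_RE = re.compile(
    r"add (?P<num>\d+) (?P<action>deny|pass)(?: log)? (?P<proto>\w+) "
    r"from any(?: (?P<sport>\d+))? to any(?: (?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\w+)")
LOG_RE = re.compile(
    r"ipfw: (?P<num>\d+) \w+ (?P<proto>\w+) [\d.]+:(?P<sport>\d+) "
    r"[\d.]+:(?P<dport>\d+) (?P<dir>in|out) via (?P<iface>\w+)")

def parse_rules(text):
    """Parse the subset of ipfw syntax used in the report, sorted by number."""
    rules = [m.groupdict() for m in map(RULE_RE.match, text.splitlines()) if m]
    return sorted(rules, key=lambda r: int(r["num"]))

def first_match(rules, pkt):
    """Return the lowest-numbered rule whose every field matches the packet."""
    for r in rules:
        if (r["proto"].lower() == pkt["proto"].lower()
                and r["dir"] == pkt["dir"] and r["iface"] == pkt["iface"]
                and r["sport"] in (None, pkt["sport"])    # None = any port
                and r["dport"] in (None, pkt["dport"])):
            return r
    return None  # falls through to rules not shown in the report

def evaluate_log_line(line, rules_text=RULES):
    """Parse one ipfw log line and return (packet fields, first matching rule)."""
    pkt = LOG_RE.search(line).groupdict()
    return pkt, first_match(parse_rules(rules_text), pkt)

if __name__ == "__main__":
    pkt, hit = evaluate_log_line(LOG)
    print("packet: sport", pkt["sport"], "dport", pkt["dport"],
          pkt["dir"], "via", pkt["iface"])
    print("first match:", (hit["num"], hit["action"]) if hit else None)
```

Under these assumptions the logged packet has source port 8080 and destination port 1525, and the lowest-numbered rule that matches it is evaluated before any of the 8080 pass rules.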