Date: Tue, 21 May 2002 23:36:35 +0800
From: Eugene Grosbein <eugen@grosbein.pp.ru>
To: stable@freebsd.org
Cc: jlemon@freebsd.org
Subject: fresh 4.6-RC: ipfw ... to not me
Message-ID: <20020521233635.A371@grosbein.pp.ru>

Hi!

ipfw incorrectly displays rules containing 'to not me' or 'from not me'.
Example: run this script for firewall_type="open"

#!/bin/sh
ipfw show
echo Add:
ipfw add 10 count ip from any to not me
ipfw add 20 count ip from any to me
echo ''
ping -c 1 localhost
ipfw show
# EOF

You'll get:

00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 0 0 allow ip from any to any
65535 0 0 deny ip from any to any
Add:
>00010 count ip from any to me
>00020 count ip from any to me

PING localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.132 ms

--- localhost ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.132/0.132/0.132/0.000 ms
>00010 0 0 count ip from any to me
>00020 4 336 count ip from any to me
00100 4 336 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 0 0 allow ip from any to any
65535 0 0 deny ip from any to any

Look at the quoted lines.

This seems to be fixed more than a week ago in CURRENT,
rev. 1.122 of src/sbin/ipfw/ipfw.c but not MFC'd.
That commit was quite big and it may not be desirable to MFC
all the code now but please fix 'from me' problem before 4.6-RELEASE.

Eugene Grosbein

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
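
An added example, not part of the original message: a heuristic check for the symptom reported above, run over a saved `ipfw show` listing. Two consecutive `count` rules that print the same text should also show the same counters, because `count` does not stop rule processing; a mismatch suggests the listing is not showing the rule as it was installed. The function names and the embedded listing (copied from the message's second `ipfw show` output) are constructed for this example, and the check assumes nothing such as a `skipto` jumps between the two rules.

```shell
#!/bin/sh
# Added example: audit saved `ipfw show` output for count rules whose
# displayed text is identical but whose counters differ.

# Constructed sample: second `ipfw show` listing from the message,
# including the author's leading '>' markers on the two suspect lines.
sample_listing() {
cat <<'EOF'
>00010 0 0 count ip from any to me
>00020 4 336 count ip from any to me
00100 4 336 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 0 0 allow ip from any to any
65535 0 0 deny ip from any to any
EOF
}

# Reads `ipfw show` lines (number, packets, bytes, rule body) on stdin.
# Prints "<earlier rule> <later rule> <body>" for each suspect pair.
find_mismatched_count_rules() {
    awk '
    {
        sub(/^>/, "")              # drop the e-mail marker; fields re-split
        body = ""
        for (i = 4; i <= NF; i++) body = body (i > 4 ? " " : "") $i
        # Same displayed body on adjacent count rules, different counters.
        if ($4 == "count" && body == prev_body &&
            ($2 != prev_pkts || $3 != prev_bytes))
            print prev_num, $1, body
        prev_num = $1; prev_pkts = $2; prev_bytes = $3; prev_body = body
    }'
}

# Stand-alone run over the constructed sample.
sample_listing | find_mismatched_count_rules
```

On a live system the same function can be fed `ipfw show` directly; a hit is a reason to compare the listing against the ruleset source, not proof of a fault.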