From: Archie Cobbs
Message-Id: <199707062351.QAA13723@bubba.whistle.com>
Subject: Re: kern/3446
In-Reply-To: <199707062239.PAA26655@quack.kfu.com> from "nsayer@quack.kfu.com" at "Jul 6, 97 03:39:44 pm"
To: nsayer@quack.kfu.com
Date: Sun, 6 Jul 1997 16:51:01 -0700 (PDT)
Cc: fenner@FreeBSD.ORG, joerg@FreeBSD.ORG, jkh@FreeBSD.ORG, hackers@FreeBSD.ORG

> > Synopsis: IPFIREWALL reject returns port unreachable, not host
> >
> > State-Changed-From-To: open-closed
> > State-Changed-By: fenner
> > State-Changed-When: Sun Jul 6 12:42:34 PDT 1997
> > State-Changed-Why:
> > Turns out this is yet another duplicate, for kern/3452.
> > I missed that one because it's closed.
>
> I don't know how so many duplicates got made. I believe I sent this
> in a total of twice.
>
> I must protest in the strongest possible terms the closure without
> action of this PR.
>
> The language given in the closure of 3452 suggests that the PR
> should be dismissed because FreeBSD is acting correctly
> according to the RFCs. That is not the issue here. The issue
> here is that behavior that is correct according to the RFC
> breaks what is perhaps the most populous unix implementation
> that the world has ever known. I feel that that is worth at
> _least_ of a sysctl variable (as exists for TCP extensions,
> for example), if not an outright substitution of behavior that
> actually works for behavior that is theoretically correct.

This bug is made obsolete by the new ipfw changes, which allow
you to specify as part of the rule itself what type of ICMP error
code is returned... so you can now choose either way :-)

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com