Date: Fri, 13 Jan 1995 17:43:47 +1000
From: Stephen McKay <syssgm@devetir.qld.gov.au>
To: hackers@FreeBSD.org
Cc: Jakob Schripsema <sch@telecom.ptt.nl>
Subject: Re: Anyone working on the ipfirewall code ?
Message-ID: <199501130743.RAA18845@orion.devetir.qld.gov.au>
Jakob Schripsema <sch@telecom.ptt.nl> writes:
>Is there anyone working on the ipfirewall code for FreeBSD ?? I intend to
>use it with release 2.0 but I ran into some problems (panics, strange ways
>of handling bitmasks and the like). I hate reinventing the wheel, so if someone
>is already working on the code I prefer to join.
Yeah, I'm trying to use the firewall code here at work. It's got a few bugs
and is absolutely gross inside. I don't know how efficient or not it might
be because it is too ugly to read. I'm all for a total discard and rewrite.
I'd love to do this, but unless the boss will fund it, I'm not going to be
able to find time.

There are changes in -current to ip_fw.c, but I can't tell if they do any
good as I can't read them either.

Anyway, I'm about to build a new kernel including the following patch:
(This is relative to 2.0R, and should fix the 'ipfw policy deny' crash, and
the inability to have both 'tcp' and 'udp' filters active simultaneously.)
--- netinet/ip_fw.c.dist Tue Nov 8 22:47:27 1994
+++ netinet/ip_fw.c Fri Jan 13 17:27:12 1995
@@ -277,6 +277,7 @@
* be ever accepted or rejected...
*/
+#if 0 /* HEY, THIS CRAP AIN'T DOIN' ANYBODY ANY GOOD! */
#ifdef IPFIREWALL_VERBOSE
/*
* VERY ugly piece of code which actually
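Review bot: The `#if 0` added above `#ifdef IPFIREWALL_VERBOSE` carries a comment that does not say why the block is being compiled out. State the reason in the comment (the message says this is meant to fix the 'ipfw policy deny' crash) so that whoever re-enables the verbose code knows what has to be fixed first. A kernel built with IPFIREWALL_VERBOSE will also silently lose this block, which deserves a line in the change description.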
@@ -306,6 +307,7 @@
return(0);
}
#endif
+#endif /* CRAP */
return(ip_fw_policy);
}
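Review bot: The `#endif /* CRAP */` closes a region that includes the `return(0);` just above it, so with the region compiled out every path through here ends at `return(ip_fw_policy);`. Confirm that dropping that `return(0)` path is intended for IPFIREWALL_VERBOSE kernels and is not only a side effect of avoiding the crash; if the crash is confined to part of the verbose block, a narrower `#if 0` around that part would keep the original return behaviour. The closing comment would also read better if it named the condition it ends, for example `#endif /* 0 */`.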
@@ -371,8 +373,10 @@
if (newkind!=IP_FW_F_ALL
&& oldkind!=IP_FW_F_ALL
- && oldkind!=newkind)
+ && oldkind!=newkind) {
+ chtmp_prev=chtmp;
continue;
+ }
/*
* Very very *UGLY* code...
* Sorry,but i had to do this....
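Review bot: The `chtmp_prev=chtmp;` added before `continue` fixes the skip path for this one test, but it leaves the invariant that `chtmp_prev` trails `chtmp` maintained by hand at each early exit. If the loop has other `continue` statements outside this hunk they need the same update; advancing `chtmp_prev` in one place (for instance the loop's increment step, if the loop form allows it) would keep a later early exit from reintroducing the problem. A short comment on the added line saying that skipped entries must still advance the previous pointer would help, given how hard the surrounding code is to follow.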
