Date: Fri, 13 Jan 95 14:05:52 IST From: "Ugen J.S.Antsilevich" <ugen@netvision.net.il> To: hackers@FreeBSD.org, Stephen McKay <syssgm@devetir.qld.gov.au> Cc: Jakob Schripsema <sch@telecom.ptt.nl> Subject: Re: Anyone working on the ipfirewall code ? Message-ID: <Chameleon.950113140731.ugen@ugen.NetManage.co.il>
index | next in thread | raw e-mail
>
>Anyway, I'm about to build a new kernel including the following patch:
>(This is relative to 2.0R, and should fix the 'ipfw policy deny' crash, and
>the inability to have both 'tcp' and 'udp' filters active simultaneously.)
>
>--- netinet/ip_fw.c.dist Tue Nov 8 22:47:27 1994
>+++ netinet/ip_fw.c Fri Jan 13 17:27:12 1995
>@@ -277,6 +277,7 @@
> * be ever accepted or rejected...
> */
>
>+#if 0 /* HEY, THIS CRAP AIN'T DOIN' ANYBODY ANY GOOD! */
This code WORKS and does actually good thing for those who
want to see packets while they are rejected....If you don't need
this it is still useful,for me as example:)
> #ifdef IPFIREWALL_VERBOSE
> /*
> * VERY ugly piece of code which actually
>@@ -306,6 +307,7 @@
> return(0);
> }
> #endif
>+#endif /* CRAP */
> return(ip_fw_policy);
>
> }
>@@ -371,8 +373,10 @@
>
> if (newkind!=IP_FW_F_ALL
> && oldkind!=IP_FW_F_ALL
>- && oldkind!=newkind)
>+ && oldkind!=newkind) {
>+ chtmp_prev=chtmp;
> continue;
>+ }
> /*
> * Very very *UGLY* code...
> * Sorry,but i had to do this....
>
This patch is completely wrong but -current already patched
from that problemm in another way.Sorry:)
--
-=Ugen J.S.Antsilevich=-
NetVision - Israeli Commercial Internet | Learning
E-mail: ugen@NetVision.net.il | To Fly. [c]
Phone : +972-4-550330 |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Chameleon.950113140731.ugen>