From owner-freebsd-hackers  Fri Jan 13 04:05:21 1995
Return-Path: hackers-owner
Received: (from root@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id EAA06577 for hackers-outgoing; Fri, 13 Jan 1995 04:05:21 -0800
Received: from NS.netvision.net.il (root@ns.NetVision.net.il [192.114.201.5]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id EAA06569 for <hackers@FreeBSD.org>; Fri, 13 Jan 1995 04:05:17 -0800
Received: from ugen.NetManage.co.il (ugen.netmanage.co.il [192.114.78.165]) by NS.netvision.net.il (8.6.9/8.6.9) with SMTP id OAA01591; Fri, 13 Jan 1995 14:05:00 +0200
Date: Fri, 13 Jan 95 14:05:52 IST
From: "Ugen J.S.Antsilevich" <ugen@netvision.net.il>
Subject: Re: Anyone working on the ipfirewall code ? 
To: hackers@FreeBSD.org, Stephen McKay <syssgm@devetir.qld.gov.au>
Cc: Jakob Schripsema <sch@telecom.ptt.nl>
X-Mailer: Chameleon 4.00-Arm-25, TCP/IP for Windows, NetManage Inc.
Message-ID: <Chameleon.950113140731.ugen@ugen.NetManage.co.il>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: hackers-owner@FreeBSD.org
Precedence: bulk

>
>Anyway, I'm about to build a new kernel including the following patch:
>(This is relative to 2.0R, and should fix the 'ipfw policy deny' crash, and
>the inability to have both 'tcp' and 'udp' filters active simultaneously.)
>
>--- netinet/ip_fw.c.dist	Tue Nov  8 22:47:27 1994
>+++ netinet/ip_fw.c	Fri Jan 13 17:27:12 1995
>@@ -277,6 +277,7 @@
>      * be ever accepted or rejected...
>      */
> 
>+#if 0	/* HEY, THIS CRAP AIN'T DOIN' ANYBODY ANY GOOD! */
This code WORKS and does actually good thing for those who
want to see packets while they are rejected....If you don't need
this it is still useful,for me as example:)
> #ifdef IPFIREWALL_VERBOSE
> 		/*
> 		 * VERY ugly piece of code which actually
>@@ -306,6 +307,7 @@
> 	return(0);
>     }
> #endif
>+#endif /* CRAP */
>     return(ip_fw_policy);
> 
> }
>@@ -371,8 +373,10 @@
> 
> 		if (newkind!=IP_FW_F_ALL 
> 		&&  oldkind!=IP_FW_F_ALL
>-		&&  oldkind!=newkind)
>+		&&  oldkind!=newkind) {
>+			chtmp_prev=chtmp;
> 			continue;
>+		}
> 		/*
> 		 * Very very *UGLY* code...
> 		 * Sorry,but i had to do this....
>
This patch is completely wrong but -current already patched
from that problemm in another way.Sorry:)

-- 
-=Ugen J.S.Antsilevich=-
NetVision - Israeli Commercial Internet          |  Learning 
E-mail: ugen@NetVision.net.il                    | To Fly. [c]
Phone : +972-4-550330                            |