Date: Fri, 11 Jun 1999 03:50:03 -0700 (PDT) From: Ruslan Ermilov <ru@freebsd.org> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/10747: ipfirewall `deny' rules act as `reject' for `out' packets Message-ID: <199906111050.DAA71448@freefall.freebsd.org>
index | next in thread | raw e-mail
The following reply was made to PR kern/10747; it has been noted by GNATS.
From: Ruslan Ermilov <ru@freebsd.org>
To: freebsd-gnats-submit@freebsd.org, ru@freebsd.org
Cc:
Subject: Re: kern/10747: ipfirewall `deny' rules act as `reject' for `out' packets
Date: Fri, 11 Jun 1999 13:41:28 +0300
Index: ip_input.c
===================================================================
RCS file: /usr/FreeBSD-CVS/src/sys/netinet/ip_input.c,v
retrieving revision 1.111.2.2
diff -u -u -r1.111.2.2 ip_input.c
--- ip_input.c 1999/05/04 16:23:58 1.111.2.2
+++ ip_input.c 1999/06/05 04:55:04
@@ -1510,6 +1510,9 @@
/* type, code set above */
break;
+ case EPERM: /* firewall rejected/denied packet */
+ return; /* don't call icmp_error() twice */
+
case ENETUNREACH: /* shouldn't happen, checked above */
case EHOSTUNREACH:
case ENETDOWN:
Index: ip_output.c
===================================================================
RCS file: /usr/FreeBSD-CVS/src/sys/netinet/ip_output.c,v
retrieving revision 1.85.2.3
diff -u -u -r1.85.2.3 ip_output.c
--- ip_output.c 1999/05/04 16:24:00 1.85.2.3
+++ ip_output.c 1999/06/05 04:46:49
@@ -450,7 +450,7 @@
* packets in case of doubt.
*/
if (!m) { /* firewall said to reject */
- error = EACCES;
+ error = EPERM;
goto done;
}
if (off == 0 && dst == old) /* common case */
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906111050.DAA71448>