From owner-freebsd-bugs  Fri Jun 11  3:50: 5 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 6CF1314C4E
	for <freebsd-bugs@FreeBSD.org>; Fri, 11 Jun 1999 03:50:03 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id DAA71448;
	Fri, 11 Jun 1999 03:50:03 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Date: Fri, 11 Jun 1999 03:50:03 -0700 (PDT)
Message-Id: <199906111050.DAA71448@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Ruslan Ermilov <ru@freebsd.org>
Subject: Re: kern/10747: ipfirewall `deny' rules act as `reject' for `out' packets
Reply-To: Ruslan Ermilov <ru@freebsd.org>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR kern/10747; it has been noted by GNATS.

From: Ruslan Ermilov <ru@freebsd.org>
To: freebsd-gnats-submit@freebsd.org, ru@freebsd.org
Cc:  
Subject: Re: kern/10747: ipfirewall `deny' rules act as `reject' for `out' packets
Date: Fri, 11 Jun 1999 13:41:28 +0300

 Index: ip_input.c
 ===================================================================
 RCS file: /usr/FreeBSD-CVS/src/sys/netinet/ip_input.c,v
 retrieving revision 1.111.2.2
 diff -u -u -r1.111.2.2 ip_input.c
 --- ip_input.c	1999/05/04 16:23:58	1.111.2.2
 +++ ip_input.c	1999/06/05 04:55:04
 @@ -1510,6 +1510,9 @@
  		/* type, code set above */
  		break;
  
 +	case EPERM:			/* firewall rejected/denied packet */
 +		return;			/* don't call icmp_error() twice */
 +
  	case ENETUNREACH:		/* shouldn't happen, checked above */
  	case EHOSTUNREACH:
  	case ENETDOWN:
 Index: ip_output.c
 ===================================================================
 RCS file: /usr/FreeBSD-CVS/src/sys/netinet/ip_output.c,v
 retrieving revision 1.85.2.3
 diff -u -u -r1.85.2.3 ip_output.c
 --- ip_output.c	1999/05/04 16:24:00	1.85.2.3
 +++ ip_output.c	1999/06/05 04:46:49
 @@ -450,7 +450,7 @@
                   * packets in case of doubt.
                   */
  		if (!m) { /* firewall said to reject */
 -			error = EACCES;
 +			error = EPERM;
  			goto done;
  		}
  		if (off == 0 && dst == old) /* common case */
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message