Message-Id: <200403251039.i2PAdiiP050339@www.freebsd.org>
Date: Thu, 25 Mar 2004 02:39:44 -0800 (PST)
From: Grant Millar
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/64694: UID/GID matching in ipfw non-functional

>Number: 64694
>Category: misc
>Synopsis: UID/GID matching in ipfw non-functional
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 25 02:40:15 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Grant Millar
>Release: 4.9-RELEASE
>Organization: Uneix Internet Services
>Environment:
FreeBSD uneix.com 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Thu Mar 25 08:22:06 CST 2004 fdc@box.domain.com:/usr/src/sys/compile/GENERIC i386
>Description:
When adding the following rules, uid matching on ipfw is totally ignored; as we can see, no packets are getting through on the IP with uid matching enabled: packets are allowed in but not out.

00100 3 144 allow tcp from any to 66.X.X.2
00200 0 0 allow tcp from 66.X.X.2 to any uid root
00300 3 132 deny tcp from 66.X.X.2 to any
65535 28440 2522637 allow ip from any to any

Clearly you can see this is a substantial problem, as now we cannot restrict access to IPs, which could cause problems. I've also tried to solve this problem by upgrading to 5.2.1-RELEASE but had exactly the same problem.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: