From owner-freebsd-bugs  Sat Nov 20 17:10: 5 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 91EB514E44
	for <freebsd-bugs@FreeBSD.org>; Sat, 20 Nov 1999 17:10:01 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id RAA48805;
	Sat, 20 Nov 1999 17:10:01 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from grey.cloud.rain.com (c1029014-a.bvrtn1.or.home.com [24.12.160.67])
	by hub.freebsd.org (Postfix) with SMTP id 0B6F214F3A
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 20 Nov 1999 17:01:53 -0800 (PST)
	(envelope-from trost@cloud.rain.com)
Received: (qmail 4794 invoked by uid 236); 21 Nov 1999 01:01:52 -0000
Message-Id: <19991121010152.4793.qmail@grey.cloud.rain.com>
Date: 21 Nov 1999 01:01:52 -0000
From: trost@cloud.rain.com
Reply-To: trost@cloud.rain.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: conf/15010: "client" firewall configuration kills incoming broadcast
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         15010
>Category:       conf
>Synopsis:       "client" firewall configuration kills incoming broadcast
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 20 17:10:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Bill Trost
>Release:        FreeBSD 3.3-STABLE i386
>Organization:
Trost Computing
>Environment:

	rc.conf configured with firewall_enable=YES and firewall_type=client

>Description:

	As provided, the "client" firewall type does not permit the
	host to receive broadcast packets from its local network.

>How-To-Repeat:

	Set the flags.  Install something that needs to receive broadcast
	(e.g., Samba's nmdb).  Watch nothing happen.

>Fix:

	(Just a suggestion).
	
--- rc.firewall.old	Mon Nov  8 19:04:02 1999
+++ rc.firewall	Sat Nov 20 16:58:11 1999
@@ -100,9 +100,11 @@
     mask="255.255.255.0"
     ip="192.168.4.17"
 
-    # Allow any traffic to or from my own net.
-    $fwcmd add pass all from ${ip} to ${net}:${mask}
-    $fwcmd add pass all from ${net}:${mask} to ${ip}
+    # Allow any traffic to or from my own net, including
+    # broadcast traffic.
+    $fwcmd add pass all from ${net}:${mask} to ${net}:${mask} via $ip
+    # undirected broadcast, too
+    $fwcmd add pass all from 255.255.255.255 to $ip via $ip
 
     # Allow TCP through if setup succeeded
     $fwcmd add pass tcp from any to any established



>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message